Forwarded from BlackBox (Security) Archiv
The Crypto AG Scandal And The Question Of Swiss Neutrality
On the 11 February 2020, the Washington Post published an extensive article revealing the #CryptoAG Scandal. The article damningly exposes the way in which the #Swiss #encryption company Crypto AG was co-opted by the #CIA for decades. The #spy #agency coerced the company’s founder into working for them in the 1950s, and later bought out Crypto AG in a secret partnership with the German spy agency the #BND. Throughout this time, faulty encryption machines were sold to governments around the world to improve American #espionage capabilities. This “audacious” project lasted well into the 21st century, presumably until the company’s liquidation in 2018. According to the Washington Post article, “CIA and BND documents indicate that Swiss officials must have known for decades about Crypto’s ties to the U.S. and German spy services, but intervened only after learning that news organizations were about to expose the arrangement.” It is this revelation which has led various news agencies (including the BBC) to declare that Swiss neutrality has been “shattered”.
The Swiss have long cultivated a policy of neutrality. This concept is ubiquitous in popular culture, from the end of The Sound of Music, to the English phrase “being Switzerland” which is synonymous with neutrality. What impact, (if any), will the implications of Swiss partiality toward the U.S. in the scandal have upon their aura of neutrality?
👉🏼 Read more:
https://theowp.org/the-crypto-ag-scandal-and-the-question-of-swiss-neutrality/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Did a Chinese Hack Kill Canada’s Greatest Tech Company?
Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.
The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.
https://www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel
https://www.assemblymag.com/blogs/14-assembly-blog/post/90631-did-outsourcing-and-corporate-espionage-kill-nortel
https://www.cbc.ca/news/politics/former-nortel-exec-warns-against-working-with-huawei-1.1137006
#huawei #nortel #canada #china #industrial #espionage #telecom
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry
A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.
Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.
https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/
#asia #taiwan #china #industrial #economic #espionage #hackers
Forwarded from BlackBox (Security) Archiv
Rampant Kitten – An Iranian Espionage Campaign
Introduction
Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.
💡 Among the different attack vectors we found were:
👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information
👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more
👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts
💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:
👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)
👉🏼 Azerbaijan National Resistance Organization
👉🏼 Balochistan people
👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes
#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
mandiant-apt1-report.pdf
6.5 MB
APT1- Exposing One of China’s Cyber Espionage Units
👀 👉🏼 (PDF)
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
#apt1 #china #cyber #espionage #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoola
Beyond Pegasus: The Bigger Picture of Israeli Cyber Spying
We have been told to live in mortal fear of online hackers, and, as the “cyber pandemic” narrative ramps up, the fear-mongering over Chinese, Russian and even North Korean cyberwarriors is going into overdrive.
Strange, then, given this climate of non-stop cybersecurity hysteria, that we rarely hear mention of one of the world’s confirmed cyberhacking superpowers: Israel. Just as Israel’s nuclear arsenal is the worst-kept secret in the world, it seems that mention of Israel’s cyber arsenal is strictly forbidden in the mainstream press. But it is now undeniable that Israel is running one of the most sophisticated, pervasive and influential cyberhacking operations in the world.
The official silence on Israel’s cyber espionage changed last month when the story of Pegasus—a piece of military-grade spyware developed by Israeli surveillance firm NSO Group—made headlines for all the wrong reasons. The software, as Haaretz and other MSM half-truth peddlers inform us, is able to hijack the phones of its victims, recording from the phone’s cameras and microphone and collecting location data, call logs and contacts, all without the target’s knowledge. And, as the consortium of dinosaur media publishers who were given access to this treasure trove of information report, it is being used by “oppressive regimes” to target “180 journalists” and even scoop up personal contact details of national misleaders like French President Emmanuel Macron and Pakistani Prime Minister Imran Khan.
But there are some very important things you never learned about the Pegasus story in the dinosaur media’s coverage of it, and, if you do rely on the lamestream media for your knowledge, there are a lot of things you won’t know about the history of Israeli cyberspying. So today, let’s take a look at the issue of Israel’s high-tech espionage.
https://www.minds.com/CorbettReport/blog/beyond-pegasus-the-bigger-picture-of-israeli-cyber-spying-1271089882587992066
#israel #spyware #pegasus #nso #history #espionage
Minds: Beyond Pegasus: The Bigger Picture of Israeli Cyber Spying, by James Corbett (corbettreport.com), August 7, 2021.
Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks - Black Hat CitizenLab / 2020
This briefing will take an in-depth look at the technical capabilities of mobile attacks that are being leveraged against real targets for the purpose of espionage. We will focus on Pegasus, a lawful intercept product, and the features and exploit chain it used. We will describe how we discovered and tracked the developer’s infrastructure prior to the attack, and how we later caught a sample of the elusive malcode being used against a prominent human rights defender.
#Pegasus #NSO #Spyware #CitizenLab #BlackHat #espionage #israel #exploit
A technical analysis of Pegasus for Android – Part 1 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
A technical analysis of Pegasus for Android – Part 2 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
A technical analysis of Pegasus for Android – Part 3 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
#Pegasus #NSO #israel #Spyware #espionage #exploit
Forwarded from Pegasus NSO & other spyware
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa - Check Point Research – June 2023
Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International – 2019
#StealthSoldier #EyeOnTheNile
#Backdoor #espionage #malware #Egypt #Libya
Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor.
Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.
The Stealth Soldier infrastructure has some overlaps with the infrastructure of The Eye on the Nile, which operated against Egyptian civil society in 2019. This is the first possible re-appearance of this threat actor since then.
Forwarded from Pegasus NSO & other spyware
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research – June 2023
#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia
In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.
CID Lookout: Unsolicited Smartwatches Received by Mail > Department of the Army Criminal Investigation Division
Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.
These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.
Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.
#spyware #WristWatch
#USA #SmartWatch #espionage
Big Brother Watch (@BigBrotherWatch): "Cameras made by Chinese state-owned surveillance firm, #Hikvision, found outside MI6 HQ "It is highly embarrassing for MI6 that these cameras are monitoring them."
British spies are being filmed by Chinese surveillance cameras in front of MI6 headquarters, The Mail on Sunday can reveal.
#UK #China #CCTV #espionage
#MI6
Mail Online
The MoS revealed they've been trained on Army barracks and even Sandringham… Now Chinese spy cams are found outside MI6 HQ
Cameras made by Hikvision - which is banned in US federal buildings on national security grounds - have been installed on a lamp post across the road from MI6 headquarters.
Forwarded from Pegasus NSO & other spyware
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks – TheHackerNews - June 2023
Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft – CrowdStrike - June 2023
#VoltTyphoon #VanguardPanda #China #espionage #spyware #malware
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.
The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda.
"The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement,"
Forwarded from Pegasus NSO & other spyware
Asylum Ambuscade: crimeware or cyberespionage? | WeLiveSecurity – June 2023
#AsylumAmbuscade
#SunSeed #AHKBOT #EU #Ukraine #Russia #CyberEspionage #espionage
A curious case of a threat actor at the border between crimeware and cyberespionage
Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign and about multiple cybercrime campaigns in 2022 and 2023.
Forwarded from Pegasus NSO & other spyware
How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom
#Storm0558 #China #Infosec
#espionage
For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.
Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.
This latest attack uses a unique trick: Microsoft says hackers stole a cryptographic key that let them generate their own authentication “tokens”—strings of information meant to prove a user’s identity—giving them free rein across dozens of Microsoft customer accounts.
US govt IT worker accused of leaking top secrets • The Register
A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.
Abraham Lemma, 50, a Silver Springs, Maryland resident and a naturalized United States citizen who was born in Ethiopia, was detained on August 24 after allegedly sending classified US national defense information to an Ethiopian intelligence agent. He has worked in various American government agencies since 2019.
#US #Ethiopia #Espionage
The Register
US govt IT help desk techie 'leaked top secrets' to foreign nation
National defense files can earn you $55K … and espionage charges
Forwarded from Pegasus NSO & other spyware
eXotic Visit campaign: Tracing the footprints of Virtual Invaders | We Live Security
Via @androidMalware
#Android #Espionage #XploitSPY #India #Pakistan
ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with open-source XploitSPY malware. We have named this campaign eXotic Visit and have tracked its activities from November 2021 through to the end of 2023. The targeted campaign has been distributing malicious Android apps through dedicated websites and, for some time, through the Google Play store as well.
Forwarded from Pegasus NSO & other spyware
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities – LinkedIn
Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear
XAgent is a spyware targeting iOS devices, representing a mobile implant. Publicly attributed to the group APT28 (also known as Sofacy or Fancy Bear), XAgent is consistent with TTPs of targeting government entities, political organizations, and individuals of interest for cyber espionage purposes.
The XAgent iOS implant exhibits advanced functionalities for comprehensive data collection, exfiltration and potential remote control, aligning with APT28's objectives of gathering intelligence and maintaining persistent access to compromised systems.