Tag Archive for: blacklisted

Another Israeli Exploit Developer Caught Selling Malware To Blacklisted Countries


from the quite-the-cottage-industry-you-got-there dept

Maybe it’s time for the Israeli government to put a moratorium on Mossad-based startups. Israeli intelligence services have been the petri dishes for a particular strain of techbro — ones who have the smarts to create zero-click exploits but none of the common sense needed to cull baddies from their customer lists.

The Israeli government is partly to blame. It worked closely with NSO Group (and presumably others in the same business) to broker deals with human rights abusers: diplomacy via malware sales.

Months of negative press got NSO blacklisted by the US government. It also got it investigated in its homeland, finally resulting in the Israeli government (reluctantly) limiting who the company could sell to.

NSO isn’t the only malware merchant with Israeli roots. Candiru — another recipient of US sanctions — calls Israel home. So does Cytrox, yet another exploit developer with ties to Israeli intelligence services. Cytrox was at the center of a recent domestic spying scandal in Greece, with its malware being used to target opposition leaders and journalists. This culminated in Greek police forces raiding Cytrox’s local office, presumably as part of the ongoing investigation.

Now there’s another Israeli spyware maker making the wrong kind of headlines, as Fanny Potkin and Poppy McPherson report for Reuters.

Israel’s Cognyte Software Ltd won a tender to sell intercept spyware to a Myanmar state-backed telecommunications firm a month before the Asian nation’s February 2021 military coup, according to documents reviewed by Reuters.

No matter who’s running the Myanmar government, they shouldn’t be trusted with powerful spyware. For most of the past 60 years, the country has been run by some form of military dictatorship. The 2021 coup simply reshuffled a bit of the military dictatorship organizational chart. Throughout this time period, residents (especially Muslim residents) have been on the receiving end of intense oppression. For Myanmar’s Muslims, oppression means death: ethnic cleansing.

Given the fact that any malware sold to the Myanmar government was likely to be abused to target critics…


Blacklisted Iranian airline targeted by cyber attack, hackers identified


Iran’s Mahan Air was reportedly hit by a cyberattack on Sunday morning, the latest in a series of hacking attempts targeting the airline. Notably, Mahan is the second-largest airline operating in the country and has been accused of “providing financial, material, or technological support to the IRGC-QF.” The IRGC-QF, which stands for Islamic Revolutionary Guard Corps-Quds Force, has been sanctioned by the US since 2011 for aiding terrorists.

In the aftermath of the attack, Mahan issued a statement stating, “Mahan Air’s computer system has suffered a new attack. It has already been the target on several occasions due to its important position in the country’s aviation industry.”

Further, in its statement, the company claimed to have successfully thwarted the attack. However, a report in the Jerusalem Post stated that the group which claimed responsibility had succeeded in obtaining certain documents regarding the IRGC. The same was confirmed by hacker group Hooshyarane-Vatan, which stated in a Telegram post that people “deserved to know the truth behind money spent by IRGC abroad.” The group went further, stating that even after detecting the attack, the airline “never managed to drive us out of there, and our access to their network was never damaged.”

“We believe the public deserves to know the truth behind this cooperation and the money wasted on IRGC activities abroad while Iranian people suffer at home,” Hooshyarane-Vatan said in a statement. 

Iran targeted by multiple cyber attacks

Late last month, a cyberattack targeted gas stations across Iran, leaving the motorists stranded in long queues for several hours as the government-issued electronic cards became non-operational. While it remains unclear what caused the major compromise and breach of security at the pumps that deliver subsidised fuel to the Iranians, the state media reported that the incident was aimed at directly challenging Iran’s Supreme Leader Ayatollah Ali Khamenei. 

The agency stated that the government-issued card punched in to buy fuel through the machines on Tuesday flashed back an error code with a message: “Cyberattack 64411.”…


CSA looking into Singapore cybersecurity firm blacklisted by US for trafficking hacking tools


COSEINC describes itself on its website as a “privately funded company dedicated to providing highly specialised information security services to our clients”. It was founded in 2004 and is based at the Citilink Warehouse Complex on 102F Pasir Panjang Road.

According to its website, the company’s services include research, consulting and education, in areas such as computer security, malware analysis and penetration testing. Accounting and Corporate Regulatory Authority records show that it is a live company.

COSEINC’s chief executive officer is Mr Thomas Lim, according to his LinkedIn page. His most recent post, about a month ago, said he could help anyone looking to hire “trained and certified” cybersecurity professionals.

Reuters reported on Nov 4 that Mr Lim is known for organising a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity.

An email published by WikiLeaks in 2015 suggested that Mr Lim had also previously offered to sell hacking tools to Italian spyware vendor HackingTeam, the report said.

COSEINC did not respond to CNA’s request for comments. The telephone number listed on the company’s website could not be reached.

THREE OTHER COMPANIES BLACKLISTED

COSEINC was one of four companies added to the trade blacklist by the US last week, with the other three being Russia’s Positive Technologies as well as Israel’s Candiru and NSO Group.

NSO Group and Candiru were added to the list based on evidence that they “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics and embassy workers”, said the US Department of Commerce on Nov 3.

NSO Group is the developer of Pegasus, a type of malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

Investigations have shown that some governments have used Pegasus to target rights activists, journalists and politicians around the world, with possible targets in Singapore. NSO Group has denied these reports.
