Tag Archive for: Pegasus

Pegasus spyware observed in Thailand. New North Korean ransomware group. Cozy Bear uses online storage services.


At a glance.

  • Pegasus spyware observed in Thailand.
  • New North Korean ransomware group.
  • Cozy Bear uses online storage services.
  • A new technique against air-gapped systems.

Pegasus spyware observed in Thailand.

Researchers at the University of Toronto’s Citizen Lab have observed the Pegasus spyware being used in “an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.” The spyware targeted at least thirty people between October 2020 and November 2021, and coincided with pro-democracy protests in Thailand. Citizen Lab doesn’t definitively attribute the campaign to the Thai government, but they believe it’s unlikely that another nation-state would be interested in these targets:

“Conducting such an extensive hacking campaign against high profile individuals in another country is risky and runs the possibility of discovery, especially given the well-known previous cases where Pegasus infections were publicly discovered and publicly disclosed.

“In addition, the victimology, and in some cases the timing of the infections, reflects information that would be easily available to the Thai authorities, such as non-public relationships and financial activity, but substantially more challenging for other governments to obtain.”

New North Korean ransomware group.

Microsoft warns that a North Korean threat actor that calls itself “H0lyGh0st” is targeting small and midsize businesses in several countries with ransomware. The victims include “manufacturing organizations, banks, schools, and event and meeting planning companies.” Microsoft tracks the threat actor as DEV-0530, and notes that it’s not clear if Pyongyang is behind the operation or if North Korean government employees are acting independently for their own financial gain:

“The first possibility is that the North Korean government sponsors this activity. The weakened North Korean economy has become weaker since 2016 due to sanctions, natural disasters, drought, and the North Korean government’s COVID-19 lockdown from the outside world since early 2020. To offset the losses from these economic setbacks, the North Korean government could have sponsored cyber actors stealing from…


India’s battle with Pegasus tells a bigger tale of tech laws • The Register


Analysis: NSO Group’s Pegasus spyware-for-governments keeps returning to the headlines thanks to revelations such as its use against Spain’s prime minister and senior British officials. But there’s one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India.

A quick recap: Pegasus was created by Israeli outfit NSO Group, which marketed the product as “preventing crime and terror acts” and promised it would only sell the software to governments it had vetted, and for approved purposes like taking down terrorists or targeting criminals who abuse children.

Those promises are important because Pegasus is very powerful: targets are fooled into a “zero click” install of the software, after which their smartphones are an open book.

In July 2021, Amnesty International and French journalism advocacy organisation Forbidden Stories claimed Pegasus had been used well beyond its intended purpose, and claimed to have accessed a list of over 50,000 phone numbers NSO clients had targeted for surveillance.

Many were politicians, activists, diplomats, or entrepreneurs – jobs that are just not the sort of role NSO said it would let governments target with Pegasus.

Over 300 Indian residents made that list – among them opposition politicians, activists, and officers of the Tibetan government in exile.

NSO has offered no explanation, or theory, for how its promises turned to dust.

The New York Times reported Prime Minister Narendra Modi purchased Pegasus in 2017 as part of an overall weapons deal worth roughly $2 billion, but Indian politicians have resisted admitting to its acquisition or use.

The mere implication that India’s government had turned Pegasus against political opponents was dynamite and complaints poured in from those who felt they had been targeted.

Those complaints were heeded: in…


Proof of Pegasus use on phones, Cyber experts tell SC panel


At least two cyber-security researchers, who have deposed before the Supreme Court-appointed committee that’s probing the use of Pegasus for allegedly spying on citizens, have told the panel that they found concrete evidence of use of the malware on the devices of the petitioners.

These cyber-security researchers were engaged by some of the petitioners to depose before the top court panel and provide details of the forensic analysis done by them.

One of the two researchers analysed iPhones of seven people, of which two were found to be infected with Pegasus, this researcher told The Indian Express. The researcher submitted an affidavit to the Supreme Court and subsequently deposed before the panel to say that the evidence on the two phones was uncovered using a forensic tool.

After deleting personally identifiable data from the devices of the two persons, the cybersecurity researcher found that while Pegasus had infected the phone of one of the petitioners in April 2018, the other phone had “multiple entries” for various stages of malware deployment between June and July 2021.

“Multiple entries going back to March 2021 indicating that the Pegasus malware tried to delete entries from the process table databases,” the first cybersecurity researcher said in the affidavit to the Supreme Court.

The other cybersecurity researcher, who analysed Android phones of six of the petitioners in the case, found distinct versions of the malware on four phones, while two of the remaining devices had variants of the original versions of Pegasus present on them, this researcher told The Indian Express.

“We have an emulator for Android on which we verified that it has all the variants of the malware. What we found is that this (malware) is so virulent that it could not have been used for legitimate purposes. It not only reads your chats, it can get your videos, turn the audio or video at any time,” the cybersecurity researcher said.

The Supreme Court had on October 27 last year appointed a three-member panel, under the supervision of retired Supreme Court judge Justice R V Raveendran, to look into the allegations of unauthorised surveillance using the Pegasus spyware. The…


Pegasus hack reported on iPhones of Human Rights Watch official



Human Rights Watch official Lama Fakih was at a meeting in Beirut, where she lives and works, when a strange message appeared on her iPhone on Nov. 24: “ALERT,” it said. “State-sponsored attackers may …
