Tag Archive for: spying

Mystery hackers are “hyperjacking” targets for insidious spying

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with potentially no way for a targeted computer to detect the intrusion. That insidious spying has finally jumped from research papers to reality with warnings that one mysterious team of hackers has carried out a spree of “hyperjacking” attacks in the wild.

Today, Google-owned security firm Mandiant and virtualization firm VMware jointly published warnings that a sophisticated hacker group has been installing backdoors in VMware’s virtualization software on multiple targets’ networks as part of an apparent espionage campaign. By planting their own code in victims’ so-called hypervisors—VMware software that runs on a physical computer to manage all the virtual machines it hosts—the hackers were able to invisibly watch and run commands on the computers those hypervisors oversee. And because the malicious code targets the hypervisor on the physical machine rather than the victim’s virtual machines, the hackers’ trick multiplies their access and evades nearly all traditional security measures designed to monitor those target machines for signs of foul play.

“The idea that you can compromise one machine and from there have the ability to control virtual machines en masse is huge,” says Mandiant consultant Alex Marvi. And even closely watching the processes of a target virtual machine, he says, an observer would in many cases see only “side effects” of the intrusion, given that the malware carrying out that spying had infected a part of the system entirely outside its operating system.

Mandiant discovered the hackers earlier this year and brought their techniques…

Source…

Israeli official’s housekeeper sentenced over spying for Iran-linked hackers


Israeli Defense Minister Benny Gantz’s housekeeper was sentenced to three years in prison for spying for an Iran-linked hacker group, as well as offering to download harmful malware onto his computer, Israeli prosecutors say.

Omri Goren Gorochovsky, 38, and his partner worked as cleaners at the home despite previous criminal convictions. Gorochovsky reached out to the Iran-linked hacker group, known as Black Shadow, through Telegram after hearing about a previous cyberattack on several Israeli websites, an indictment seen by Business Insider claims. The housekeeper sent the group distinguishing pictures of Gantz’s residence as proof he worked there before offering to further spy for them and upload spyware to the defense minister’s computer through a USB drive in exchange for $7,000, according to the filing.

Gorochovsky, who accepted a plea deal to avoid espionage charges that carry a sentence of 10-15 years, maintained his innocence.

“[Gorochovsky] is not a spy, and this isn’t a spying scandal,” attorneys Gal Wolf and Anat Yaari, Gorochovsky’s defenders, said, according to the Times of Israel. “This is about a man who found himself entangled in debt and identified a security breach.”

In his initial interrogation, Gorochovsky said he intended to trick the Iranian hackers.

“If they would have waited a few days before arresting me, they’d see that I’m not a spy. I wanted to trick the Iranians and take their money without sending them any photo or documents,” he said in his interrogation, according to Channel 12.

Later, however, he admitted to the accusations against him but denied knowing of the hackers’ ties to Iran.

“Who says it was the Iranians? It was hackers on Telegram,” he said in a court appearance.

Gorochovsky’s arrest last November sent shock waves through Shin Bet, Israel’s security agency, with questions arising as to how the housekeeper, who started working for Gantz before he entered politics, made it through the vetting…

Source…

ESET discovers DazzleSpy, a new macOS spying malware


ESET Research has discovered a new macOS malware spying on visitors to a Hong Kong radio station news site.

According to the cybersecurity research firm, a watering hole attack compromised Hong Kong radio station D100’s news website. The attackers served a Safari exploit that installed the cyber espionage malware DazzleSpy on site visitors’ Macs.

The vulnerability could also have been exploited on iOS, even on devices such as the iPhone XS and newer, ESET believes.

In fact, ESET says this campaign has similarities with one from 2020 where LightSpy iOS malware was distributed the same way. 

According to ESET, the DazzleSpy payload is capable of a wide variety of cyber espionage actions, and ESET Research concludes that the group behind this operation has strong technical capabilities.

The watering-hole operations the attackers have pursued show that the targets are likely to be politically active individuals in Hong Kong. The malicious code is capable of collecting a wide variety of sensitive and personal information.

The first report about the watering-hole attacks leading to exploits for the Safari web browser running on macOS was published by Google last November. ESET researchers were investigating the attacks at the same time as Google and have uncovered additional details about both the targets and malware used to compromise the victims. ESET has confirmed that the patch identified by the Google team fixes the Safari vulnerability used in the attacks.

“The exploit used to gain code execution in the browser is quite complex and had more than 1,000 lines of code. It’s interesting to note that some code suggests the vulnerability could also have been exploited on iOS, even on devices such as the iPhone XS and newer,” says Marc-Étienne Léveillé, who investigated the watering-hole attack.

“This campaign has similarities with one from 2020 where LightSpy iOS malware was distributed the same way, using iframe injection on websites for Hong Kong citizens leading to a WebKit exploit,” he says.

Léveillé says the DazzleSpy payload is capable of a wide variety of cyber espionage actions.

“It can collect information about the compromised computer; search for specified files; scan…

Source…

Mandatory Olympics iOS, Android app spying on athletes for China: Report

A researcher has found that the mandatory Beijing 2022 Olympics app for iOS and Android is reportedly collecting and sending audio to Chinese servers.

According to AppleInsider, researcher Jonathan Scott had posted his findings after reverse-engineering the mandatory MY2022 Olympics app.

As it turns out, the app is capable of spying on Olympians and attendees and sending the audio to Chinese servers to be analysed, the report said.

MY2022 is a non-optional app that must be used by both athletes and attendees of the 2022

The app is designed to help reduce the spread of Covid-19 and act as a central hub for information on events, weather, travel, and points of interest.

The App Store listing claims that the app does not collect data, though Scott has shown it does. The app doesn’t employ exploits or security holes, the report said.

Instead, it actively listens to all audio and sends it off to servers based in China, it added.

If the app is moved to the background, it will force itself to the foreground to ensure it has permission to listen in, claims Scott.

–IANS


(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)


Source…