Watering-hole in Hong Kong. US, EU join Paris Call. NSO C-suite turnover. ICS advisories. Rising tensions in Eastern Europe.

Attacks, Threats, and Vulnerabilities

COVID-19: North Korean hackers detected searching for vaccine manufacturing secrets (Sky News) The cyber campaign comes despite the regime in Pyongyang claiming that there are no COVID-19 cases in the country and declining three million vaccine doses from UNICEF.

North Korean hackers target the South’s think tanks through blog posts (ZDNet) Responsibility for new attacks has been laid at the feet of the Kimsuky threat group.

Lazarus hackers target researchers with trojanized IDA Pro (BleepingComputer) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.

South Korean Users Targeted with Android Spyware ‘PhoneSpy’ (SecurityWeek) Researchers find Android malware with extensive spyware capabilities, including data theft, GPS monitoring, and audio and video recording.

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens (Zimperium Mobile Security Blog) Zimperium has discovered the active malware campaign PhoneSpy, a spyware aimed at South Korean residents with Android devices.

macOS zero-day deployed via Hong Kong pro-democracy news sites (The Record by Recorded Future) A suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day exploit chain that installed a backdoor on visitors’ computers.

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice) “The nature of the activity and targeting is consistent with a government backed actor,” the Google researchers say.

This new Android spyware masquerades as legitimate apps (TechCrunch) The spyware has already ensnared over a thousand victims.

FBI: Iranian threat actor trying to acquire leaked data on US organizations (The Record by Recorded Future) The US Federal Bureau of Investigation says that a threat actor known to be associated with Iran is currently seeking to acquire data from organizations across the globe, including US targets.

PA alleges: NSO Group spyware used to hack foreign ministry workers’ phones (Times of Israel) Palestinian Authority asserts it has proof of…