Daily Drop (616): CN: DinodasRAT, CN: EDA Landscape, QakBot, Australian LNG Facilities, RU: Black Sea, Iran's Propaganda Machine, Supply Chains to Supply Networks, Wagner Group's CN SAT Acquisition
10-06-23
Friday, Oct 06, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Wagner Group's Satellite Acquisition: China's Role in Ukraine Conflict
Bottom Line Up Front (BLUF): The Wagner mercenary group, believed to be affiliated with Russia, is said to have acquired satellites from China for use in the conflict against Ukraine. These purchases potentially extend Wagner's surveillance capabilities in the ongoing war.
Analyst Comments: This acquisition indicates a growing symbiotic relationship between Chinese tech providers and entities engaged in conflicts, potentially enabling a higher degree of surveillance and intelligence operations on the battlefield. It underscores the evolving landscape of modern warfare, where satellite technology and surveillance play a pivotal role. This development may also raise alarms on an international scale, with countries monitoring the implications of Chinese technology being used in active conflict zones.
FROM THE MEDIA: The Wagner mercenary group has reportedly made a significant acquisition, purchasing satellites from China, aimed at enhancing its operations in the ongoing war against Ukraine. This purchase hints at the growing ties between Russian-affiliated entities and Chinese technology. The deal, as per available reports, included the procurement of two high-resolution observation units. Additionally, Wagner secured the rights to bid for other satellite imagery from a network managed by the Chinese operator CGS. The development comes amid concerns over Wagner's involvement in the Ukraine conflict and its potential enhancement of surveillance capabilities through such purchases.
READ THE STORY: The Telegraph
Chinese-Linked Hackers Target Guyana Government
Bottom Line Up Front (BLUF): A Chinese-affiliated hacker group is suspected of launching a cyber espionage campaign against the Guyanese government, deploying a new backdoor named DinodasRAT to extract sensitive information. The timing coincides with diplomatic tensions between China and Guyana.
Analyst Comments: The deployment of the DinodasRAT backdoor against the Guyanese government, combined with the use of Korplug, provides strong indications of a China-aligned threat actor. The compromised Vietnamese government site used to deliver the malware also suggests a more extensive regional cyber espionage network. Given the recent tensions between China and Guyana, especially the arrests linked to Chinese companies, it's likely that this cyber espionage attempt is a strategic move to gather intelligence or exert pressure. The incident underscores the importance of governments fortifying their cyber defenses and highlights the broader geopolitical implications of cyber espionage in strained diplomatic contexts.
FROM THE MEDIA: ESET, a cybersecurity firm, identified a cyber espionage campaign targeting Guyana's governmental entities in February 2023. The campaign involves spear-phishing emails centered on Guyanese politics, which, when clicked, lead to the download of the DinodasRAT malware from a compromised Vietnamese government site. This backdoor, written in C++, is designed to exfiltrate files, manipulate Windows registry keys, and run commands. Alongside DinodasRAT, the hackers also used the Korplug backdoor, traditionally linked with Chinese groups such as Mustang Panda.
READ THE STORY: THN // The Record
Lu0Bot: The Evolving Threat of Node.js Malware
Bottom Line Up Front (BLUF): Lu0Bot, a unique malware leveraging Node.js and executable JavaScript code, presents a growing cybersecurity threat. Developed to target platform-agnostic runtime environments, this malware features complex domain structures, custom encryption methods, and multi-layer obfuscation techniques. Despite currently having low activity, it has the potential to become a significant menace if its campaign escalates.
Analyst Comments: The rise of Lu0Bot underscores the evolving tactics and techniques of cyber adversaries. It demonstrates that malware developers are pivoting to less traditional programming languages, which might offer them advantages in evading detection and increasing their rate of successful infiltrations. Cybersecurity teams and professionals should remain vigilant, constantly updating their detection and defense mechanisms to combat such emerging threats. Investing in advanced sandboxing solutions, like ANY.RUN, can be beneficial in quickly analyzing and obtaining verdicts on suspicious files, thereby strengthening an organization's defense posture against evolving threats like Lu0Bot.
FROM THE MEDIA: Lu0Bot is a recent entrant in the malware landscape, notable for its utilization of Node.js, a runtime environment common in modern web apps. By adopting such unconventional programming languages, malware developers hope to sidestep advanced detection systems. Lu0Bot's specific approach incorporates multi-layer obfuscation, making it particularly challenging to detect and analyze. A comprehensive technical analysis of Lu0Bot has been conducted, revealing its mechanism of using an SFX packer, creating self-extracting archives, and implementing a unique domain structure combined with custom encryption techniques. This malware, though presently inactive, sets a concerning precedent, indicating that if its command-and-control server becomes active, the threats and breaches could be substantial.
READ THE STORY: THN
China's EDA Landscape: Unraveling the Empyrean Enigma and the Quest for Semiconductor Supremacy
Bottom Line Up Front (BLUF): Empyrean Technology's soaring growth showcases China's determination in the EDA landscape amidst ongoing U.S. sanctions. However, the intrigue surrounding SMIC's production capabilities for Huawei's Kirin 9000S chip highlights China's ongoing struggle to break technological barriers imposed by international restrictions.
Analyst Comments: China's pursuit of a robust domestic EDA industry is evident through Empyrean's strong performance and expansion into advanced chip technologies. However, the backdrop of U.S. sanctions adds a layer of complexity, particularly highlighted by the Kirin 9000S chipset saga. As Empyrean and other Chinese EDA companies strive to improve their offerings, collaborations, like that between Empyrean and UniVista, may prove crucial. The introduction of ACC 1.0, an indigenous Chiplet Interconnect Interface Standard, further exemplifies China's attempt to create a self-reliant semiconductor ecosystem. While strides are being made, uncertainties surrounding SMIC's manufacturing capabilities (particularly whether it has truly achieved a 7nm process) illustrate the challenges China faces. The nation's future in the semiconductor space hangs in the balance between innovation, collaboration, and geopolitical dynamics.
FROM THE MEDIA: Empyrean Technology, a leading Chinese EDA company, reported stellar financial results, with significant growth in revenues and profits. This growth is attributed to the burgeoning EDA sector in China and Empyrean's expansion strategies. The company also delved into AI-based design automation and chiplet-based advanced packaging, signifying their intent to tap into next-gen chip technologies. Despite the progress, industry experts note a considerable gap between Chinese EDA players and their international counterparts, mainly due to the absence of a comprehensive tool suite and ecosystem. Empyrean's ambitious future goals underscore their intent to bridge this gap.
READ THE STORY: DigiTimes Asia
QakBot Cybercriminals Still Active, Shift Focus to Ransomware
Bottom Line Up Front (BLUF): Despite the concerted efforts by international law enforcement agencies to disrupt the QakBot malware infrastructure, the cybercriminal group behind it remains active. They are currently concentrating on distributing ransomware, indicating that the law enforcement operation may have only partially affected their operations.
Analyst Comments: The QakBot malware has been one of the most persistent and damaging cyber threats over the past decade. While the recent takedown operation was a significant achievement for international law enforcement, it underscores the challenges of permanently disrupting sophisticated cybercriminal operations. Without apprehending the individuals behind these operations, there's always the possibility of the threat actors bouncing back, rebuilding their infrastructure, and continuing their malicious activities. The involvement of QakBot's team with the Ransom Knight ransomware could elevate its threat, especially if they restore QakBot's full operational capabilities. Organizations worldwide must remain vigilant and continually update their cybersecurity measures to protect against evolving threats.
FROM THE MEDIA: In late August, a joint effort by law enforcement agencies from the U.S., France, Germany, the Netherlands, the UK, Romania, and Latvia resulted in the takedown of QakBot's infrastructure, a malware platform linked to various cyberattacks since its inception in 2008. However, new evidence suggests that this takedown might have had a limited impact. Cisco Talos researchers have recently revealed that the hackers, although unable to distribute the QakBot malware post-takedown, have been actively spreading the Cyclops/Ransom Knight ransomware and Remcos backdoor malware. This new campaign aligns with their traditional modus operandi of using phishing emails for distribution, targeting primarily European users. The concerning part of this revelation is that QakBot's distribution mechanisms appear intact. These tactics, combined with the fact that the threat actors behind QakBot were not arrested during the takedown, suggest that they could easily revert to their previous cybercriminal activities.
READ THE STORY: CyberNews // THN // The Record
Chevron Faces Renewed Strikes at Australian LNG Facilities
Bottom Line Up Front (BLUF): The recent Slovakian elections witnessed a surge in AI-generated deepfakes, signaling a new era of disinformation in political campaigns. These manipulated recordings, which are becoming increasingly sophisticated and accessible, have the potential to significantly influence voter perceptions and election outcomes.
Analyst Comments: The renewed intent to strike indicates deep-seated issues between the workforce and Chevron management, with trust seemingly eroded. Given that these facilities account for about 7% of global LNG, prolonged industrial action could have wider implications on global LNG supplies and prices. The inability of both parties to finalize the wording of a contract, even after FWC's intervention, suggests that the dispute is complex and may require more than standard arbitration. If unresolved, there is a significant risk of this matter returning to the FWC or even escalating further. Chevron, being a major player in the energy sector, will likely face increased scrutiny from stakeholders and could suffer reputational damage if the strikes proceed.
FROM THE MEDIA: Night-shift workers at Chevron's Gorgon and Wheatstone LNG facilities in Western Australia have expressed their intent to recommence strikes, echoing a similar sentiment from their colleagues earlier. This decision stems from claims that Chevron reneged on an agreement which had previously halted industrial action last month. The Offshore Alliance, a union coalition representing the workers, has communicated its disappointment with Chevron's purported breach of faith, especially given the lengthy negotiations over the past year. As per regulations, Chevron is to be given a seven-day notice before strikes can officially begin, and the unions plan to serve this notice soon. Although Chevron has not directly commented on the latest developments, they've previously indicated their commitment to finalizing a deal based on recommendations made by Australia's industrial arbitrator, the Fair Work Commission (FWC), in the prior month.
READ THE STORY: Reuters
East Asian Semiconductor Firms Under Attack from Chinese Hackers
Bottom Line Up Front (BLUF): Chinese-linked hackers have been found targeting East Asian semiconductor firms using sophisticated malware and tactics. Lures disguised as Taiwan Semiconductor Manufacturing Company (TSMC) content were used to deploy the Cobalt Strike beacons, with the intent of carrying out cyber espionage activities.
Analyst Comments: The operational tactics of the threat actors are sophisticated and multi-pronged. By masquerading as TSMC, they demonstrate awareness of their targets and a refined approach to deception. The use of both HyperBro and an undocumented malware downloader suggests a high level of adaptability, indicating that these actors are both advanced and resourceful. The revelation about Belgium's intelligence agency investigating Chinese entities for potential espionage activities further underscores the growing concerns about China's cyber capabilities and intentions. Given the strategic importance of the semiconductor industry, it's crucial for companies in this sector to be vigilant and shore up their cyber defenses.
FROM THE MEDIA: According to EclecticIQ, an intrusion set is actively targeting semiconductor companies in East Asia. These attacks leverage a backdoor named HyperBro, which subsequently serves as a gateway to deploy Cobalt Strike beacons, a commercial post-exploitation toolkit. The hackers also employed an as-yet undocumented malware downloader to deploy Cobalt Strike, showcasing their versatility in approach. The campaign has been attributed to a China-affiliated group primarily because of the use of HyperBro, which has ties to the known Chinese cyber espionage group Lucky Mouse (also known as APT27, Budworm, and Emissary Panda).
READ THE STORY: THN
Escalating Tensions in the Black Sea: Russia's Underhand Tactics against Ukraine Revealed
Bottom Line Up Front (BLUF): Russia is allegedly seeking to sabotage civilian tankers carrying Ukrainian grain in the Black Sea using covert tactics. Britain, leveraging declassified intelligence, accuses Russia of attempting to plant sea mines rather than directly attacking the ships. Such actions could escalate tensions in the region, endanger civilian lives, and further disrupt vital grain exports.
Analyst Comments: The implications of these events are significant. Russia's covert activities in the Black Sea not only threaten civilian lives but also the stability of grain exports, which are vital to many economies. If unchecked, this could lead to escalating military actions and further destabilize the region. The EU and NATO's ability to respond effectively is critical to prevent further escalations. Additionally, as Western powers provide military support to Ukraine, their diminishing ammunition stockpiles reveal an under-preparedness that could impact future conflict resolutions. The complexities of the situation demand international collaboration and proactive strategies to prevent further civilian casualties and ensure the stability of essential trade routes.
FROM THE MEDIA: The UK has raised serious concerns over Russia's tactics, claiming they are scheming to covertly destroy merchant vessels traveling through Ukraine's humanitarian corridor. Instead of openly attacking these vessels, Russia seems to be deploying a strategy to plant sea mines near Black Sea ports. This tactic would cause significant damage, with Russia likely trying to place the blame on Ukraine to avoid international repercussions. The Foreign Office of the UK aims to deter Moscow from executing this plan by making the intelligence public. The region has already been under heightened tensions, with civilian tankers carrying Ukrainian grain exports under threat since July due to Russia's decision to withdraw from an agreement to ensure the safety of food exports. A separate incident where Russian forces attacked a village, resulting in significant civilian casualties, further escalates the situation. Additionally, Russia's move to set up a permanent naval base in the breakaway Georgian region of Abkhazia signifies Moscow's increasing military foothold in the Black Sea region.
READ THE STORY: Emerging Europe
Alibaba Under Scrutiny: Belgian Intelligence Investigates Espionage Suspicions
Bottom Line Up Front (BLUF): The Belgian intelligence agency, State Security Service (VSSE), has raised concerns about possible espionage activities linked to the Chinese conglomerate, Alibaba, at the European logistics center located at Liege Airport.
Analyst Comments: The implications of these findings are significant. If the suspicions are accurate, it could represent a major cyber espionage operation, with data potentially affecting a wide range of industries and sectors in Western nations. Belgium's position in the European Union, coupled with the strategic importance of the Liege Airport as a logistics hub, makes this issue all the more sensitive. Companies and governments need to be vigilant and conduct thorough assessments of their supply chains and partners, especially when intertwined with entities that have close ties to nations known for cyber espionage activities.
FROM THE MEDIA: Alibaba, one of China's largest tech companies, has its primary European logistics center situated at Liege Airport. Recent findings by the VSSE indicate potential cyber espionage activities taking place, with suspicions that the Chinese government might compel Chinese businesses to support intelligence operations in accordance with its National Intelligence Law. The concerns primarily revolve around the possibility that data gathered by Alibaba through its systems at the hub could offer insights into logistics and critical actors in supply chains. Such data, if accessed by Chinese intelligence agencies, could be pivotal for cyber espionage, sabotage, and financial intelligence on Western nations. Alibaba's logistics arm, Cainiao, operational at the Liege hub since 2018, has refuted these allegations.
READ THE STORY: Security Affairs
Inside Iran's Propaganda Machine: An Influence Campaign Targeting the US Congress
Bottom Line Up Front (BLUF): Iran's leadership has strategically orchestrated a global propaganda campaign to shift the narrative on sanctions, primarily using the COVID-19 pandemic as a catalyst. This effort potentially influenced US officials and exploited the pandemic to bolster Iran's position, despite internal decisions exacerbating their own COVID-19 situation.
Analyst Comments: The Iranian regime’s sophisticated global influence campaign underscores the importance of discerning information in the age of propaganda. Iran's strategic use of the COVID-19 pandemic as leverage, coupled with a targeted influence campaign, poses challenges for international diplomacy and policy-making. It highlights the necessity for western policymakers to comprehend and counteract such strategies and narratives to ensure that decisions are based on factual ground realities rather than manipulated information.
FROM THE MEDIA: President Hassan Rouhani's administration has been forthright about its intentions to sway global opinion against the sanctions imposed on Iran. Iran International's recent revelations unveiled an intricate network that pushes Iran's policies on the global stage, which may have influenced US lawmakers and administration members, including Robert Malley. The crux of the propaganda hinges on the premise that sanctions are inhibiting Iran's ability to respond to the pandemic. This claim comes despite evidence pointing to Iran's political ties with China, which allowed COVID-19 to spread extensively in Iran. Furthermore, Iran has declined medical aid from the US and expelled Doctors Without Borders, branding them as spies. All while navigating the pandemic, Iran prioritized defense spending over public health. Despite international assumptions and pleas, there's an evident risk that the recently unfrozen assets might not be funneled towards humanitarian needs, based on the regime's past financial behavior.
READ THE STORY: Iran International
Evolving Dynamics: The Shift from Supply Chains to Supply Networks
Bottom Line Up Front (BLUF): Modern supply chains are transitioning from linear models to dynamic, tech-driven networks due to geo-economic factors, technological advancements, and global events. This transformation is driving the need for enhanced cybersecurity, trust, and real-time data utilization.
Analyst Comments: The transformation from supply chains to supply networks is a crucial step forward in ensuring that global commerce remains robust, resilient, and responsive to modern challenges. This shift is not just a reaction to recent global events, but a proactive approach to a rapidly changing technological and geopolitical environment. The emphasis on cybersecurity underscores the growing role of technology in this space, making it a critical concern for future operations. Similarly, the transition to network-based operations underscores the importance of collaboration, trust, and agility among global trading partners. However, as these networks become more complex, the challenges of maintaining trust, ensuring security, and managing real-time data will increase. Companies need to be forward-thinking, agile, and collaborative to ensure that these new supply networks remain efficient and resilient in the face of future challenges.
FROM THE MEDIA: In the 1980s, the term 'supply chain' was introduced, setting the foundation for global trade and logistics. Today, however, the landscape has changed significantly. The global pandemic, coupled with geopolitical tensions, has emphasized the need for supply chains to evolve. Instead of the traditional linear model, companies are now viewing their operations as dynamic networks, termed by some as 'networked supply' or 'demand response networks'. This new model emphasizes technologically-driven operations involving smart suppliers, plants, transportation entities, and strategically placed product locations. As per Glenn A. Steinberg, EY Global Supply Chain Leader, modern supply chains need to incorporate factors like resilience and sustainability alongside traditional parameters like cost and speed. This transformation to a more network-centric model is attributed to changing world orders, pushing companies to reconsider their global footprints. Resilience and end-to-end visibility are now foundational. Furthermore, the rise of technology in these networks underscores the importance of cybersecurity. Traditional chains are evolving into "private trading networks" which are permission-based, emphasizing the importance of trust among participants.
READ THE STORY: Supply Chain
GoldDigger: The New Android Banking Threat in Asia Pacific
Bottom Line Up Front (BLUF): A new Android banking trojan, GoldDigger, targets over 50 Vietnamese financial applications with potential intentions to expand its influence across the Asia Pacific region. This malware employs advanced protection mechanisms, making detection and analysis challenging.
Analyst Comments: GoldDigger's infiltration of numerous financial apps underscores a significant threat to users in the APAC region, especially with indications of its potential spread beyond Vietnam. Its innovative use of established tools, such as Android's accessibility services, reveals a sophisticated approach to malware deployment. The malware's ability to evade traditional analysis using tools like the Virbox Protector heightens concerns. As it camouflages itself by impersonating official Vietnamese entities, users must exercise extreme caution. Continuous monitoring and advanced detection techniques are imperative to combat such evolving threats.
FROM THE MEDIA: Discovered by Singapore-based company Group-IB, GoldDigger is a banking trojan targeting multiple financial applications in Vietnam, including banking, e-wallet, and crypto wallet apps. While its presence was first detected in August 2023, evidence suggests its operations began in June 2023. The malware disguises itself by imitating a Vietnamese government portal and an energy firm. Its modus operandi includes exploiting Android's accessibility services to extract personal data, swipe banking credentials, and even log keystrokes, thereby offering remote access to compromised devices. The malicious software's distribution is enhanced by fake websites resembling the Google Play Store, potentially distributed via smishing or traditional phishing. This trojan is one in a series of Android banking malware emerging recently. One of GoldDigger's distinctive traits is its use of "Virbox Protector", an advanced protection mechanism that hampers both static and dynamic malware analysis, making it a potent threat.
READ THE STORY: THN
Grindr's Privacy Quandary: FTC Called to Probe Data Practices
Bottom Line Up Front (BLUF): The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission (FTC) accusing the LGBTQ+ dating app Grindr of illegally storing and sharing sensitive user data, including HIV and vaccination statuses.
Analyst Comments: Grindr's alleged violations pose significant risks to its user base, especially considering many LGBTQ+ users might not be public about their identities. Past infringements, like the sale of location data, amplify the gravity of these claims. The potential mishandling of sensitive user data, such as HIV status, is concerning not just from a privacy standpoint but also from an ethical perspective. The FTC's intervention is crucial to ensure user data integrity and maintain trust in digital platforms.
FROM THE MEDIA: The privacy nonprofit EPIC lodged a complaint against Grindr, highlighting the dating app's record of jeopardizing users' privacy and security. This complaint was buoyed by allegations from Grindr's ex-chief privacy officer, Ronald De Jesus, who initiated a lawsuit against the company claiming wrongful termination after raising concerns about the app's frequent breaches of its own privacy policies. EPIC's complaint reveals that despite Grindr's assurances to delete user data within 28 days of account removal, the app seems to retain user data and even permits staff unrestricted access to this private data. In response, Grindr maintains that it prioritizes user privacy and considers the raised allegations baseless. Previous privacy transgressions cited in the complaint include Grindr's sale of location data to ad networks and unauthorized sharing of user data with advertising companies. EPIC asserts that Grindr's actions might breach Section 5 of the FTC Act and the agency's Health Breach Notification Rule.
READ THE STORY: The Record
Shedding Light on the Shadows: The Predator Files Expose a New Spyware Player
Bottom Line Up Front (BLUF): The recent investigative project called "Predator Files" reveals insights about a lesser-known spyware outfit called Intellexa Alliance and its associated Predator spyware. Unlike the widely publicized Pegasus spyware from NSO Group, this investigation unveils how this new spyware has been used across multiple continents. The investigation raises alarms about the unregulated spread and misuse of advanced surveillance technology.
Analyst Comments: The unearthing of Predator's extensive reach brings to the forefront the urgent need for international collaboration and regulatory oversight of spyware technologies. Amnesty International, a significant contributor to the investigation, has articulated the potential misuse of such spyware in undermining human rights, press freedoms, and social movements. The revelations from the "Predator Files" not only emphasize the vast and mostly unchecked world of surveillance technology but also the potential geopolitical implications of its misuse. With European institutions' regulatory framework coming into question, there's a pressing call for tighter global regulations. Given the US's recent actions against Intellexa, positioning them on its "entity list," it's evident that the international community must work cohesively to address the challenges posed by these covert technologies.
FROM THE MEDIA: The investigative project titled "Predator Files" has drawn back the curtain on a lesser-known spyware outfit, Intellexa Alliance, and its associated software, Predator. While the cybersecurity world has largely been focused on the NSO Group and its Pegasus spyware, Intellexa's Predator has silently infiltrated multiple continents. The investigation's findings show a reach spanning 25 countries, encompassing Asia, Africa, Europe, and the Middle East. Countries like Switzerland, Austria, Germany, and several others in the Middle East and Asia have been identified as areas of operation.
READ THE STORY: The Washington Post
Items of interest
Mercenary Spyware: The Increasing Role of Cyber Tools Amidst Catalonia's Independence Struggle
Bottom Line Up Front (BLUF): Recent research by The Citizen Lab reveals that at least 65 individuals in Catalonia were targeted or infected by mercenary spyware, amidst the region's ongoing political tension with Spain. While a direct attribution to the Spanish government is absent, the circumstantial evidence is suggestive.
Analyst Comments: This revelation highlights the growing intersection of geopolitics and cyber tools, with state and non-state actors leveraging sophisticated malware for surveillance and information warfare. In the backdrop of Catalonia's aspirations for independence and its historically contentious relationship with Spain, this cyber espionage adds a new dimension to the already volatile scenario. The discovery emphasizes the need for enhanced cybersecurity measures and transparency from government bodies, especially in regions grappling with political unrest. If such cyber interventions continue unchecked, it could exacerbate tensions, undermining potential dialogue avenues between Catalonia and Spain.
FROM THE MEDIA: In collaboration with Catalan civil groups, The Citizen Lab has discovered an alarming number of individuals subjected to or infected with mercenary spyware. Out of these, 63 faced threats from the Pegasus spyware, and four from Candiru. The targets encompass a broad spectrum, from academics and activists to high-level government officials. While the operations' attribution remains inconclusive, the extensive surveillance and the profile of targets indicate a potential nexus with Spanish authorities.
READ THE STORY: Citizen Lab
Predator Spyware, the Pegasus Competitor Explained - Technical (Video)
FROM THE MEDIA: Commercial surveillance for hire has been proliferating. In 2021 a new spyware called Predator, from Cytrox, an Intellexa Alliance member, was discovered.
John Scott-Railton was the target of an international mercenary spy operation (Video)
FROM THE MEDIA: When John Scott-Railton, a researcher at Citizen Lab, was contacted by someone claiming to be interested in his work, he was immediately suspicious. He decided to play along and found himself in a game of spy versus spy. This Happened to Me: Reclaiming the Internet is a video series from CBC Radio featuring stories of technology experts and their dire warnings about digital privacy. They are part of the 2020 Massey Lectures. You can read more at https://www.cbc.ca/1.5795345
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.