Trimark Security’s Post

“Exiled, then spied on: civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware.” In our new report in collaboration with Citizen Lab and independent security expert Nikolai Kvantiliani, we uncovered at least seven people in civil society targeted by NSO Group’s Pegasus spyware within the EU. Read more to get further insights on these chilling human rights violations and digital security tips. https://lnkd.in/gYJ5s69E

NSO Group, which makes Pegasus spyware, keeps trying to extract information from Citizen Lab researchers — and a judge keeps swatting it down. researchers at Citizen Lab have monitored Israeli spyware firm NSO Group and its banner product, Pegasus. In 2019, Citizen Lab reported finding dozens of cases in which Pegasus was used to target the phones of journalists and human rights defenders via a WhatsApp security vulnerability. Now NSO, which is blacklisted by the U.S. government for selling spyware to repressive regimes, is trying to use a lawsuit over the WhatsApp exploit to learn “how Citizen Lab conducted its analysis.” The lawsuit, filed in U.S. federal court in 2019 by WhatsApp and Meta (then Facebook), alleges that NSO sent Pegasus and other malware to approximately 1,400 devices across the globe. For more than four years, NSO has failed repeatedly to get the case thrown out. With the lawsuit now moving forward, NSO is trying a different tactic: demanding repeatedly that Citizen Lab, which is based in Canada, hand over every single document about its Pegasus investigation. A judge denied NSO’s latest attempt to get access to Citizen Lab’s materials last week.

Today for World Press Freedom Day the Center for News, Technology & Innovation - CNTI is honoring the critical role the press plays in our democracy around the world. Amidst a changing media landscape and an increase in physical and digital security threats of journalists in many parts of the world, governments must continue to promote freedom of speech, freedom of the press and an independent media.    Read our  “Journalists & Cyber Threats” Issue Primer to learn more about the challenges the press face around the world: https://lnkd.in/dbjyrTzu

“The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and policy experts in the country.    The Intellexa Alliance is a consortium of several companies, including Cytrox, linked to a mercenary spyware solution called Predator. In July 2023, the U.S. government added Cytrox and Intellexa, as well as their corporate holdings in Hungary, Greece, and Ireland, to the Entity List.     Predator, much like NSO Group's Pegasus, can infiltrate Android and iOS devices using zero-click attacks that require no user interaction. Once installed, the spyware makes it possible for the operators to harvest sensitive data and surveil targets of interest.“    The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and five entities associated with the Intellexa Alliance. Following the revelations about its multi-tiered delivery infrastructure, the operators of Predator have decided to shut down their servers.    Read more to find out about the spyware that targets officials as well as journalists and share your thoughts with us! https://lnkd.in/gzZtKffp     #cybertronium #cybertroniummalaysia #privacy #spyware 

Iranian hackers pose as journalists to push backdoor malware The Iranian state-backed threat actor tracked as APT42 is employing #socialengineeringattacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. #APT42: This group has been active since #2015 and was first documented by Mandiant in #September2022. They have carried out at least 30 operations in 14 countries. #Affiliation: #APT42 is believed to be affiliated with Iran’s Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). #Targets: The group targets non-governmental organizations, media outlets, educational institutes, activists, and legal services. #Methods: #APT42 uses #socialengineeringattacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. They use malicious emails to infect their targets with two custom backdoors, #“Nicecurl” and #“Tamecat,” which provide command execution and #data exfiltration capabilities. #Impersonation: The group creates online personas posing as journalists, NGO representatives, or event organizers and sends emails from domains that “typosquat” (use similar URLs) to those of legitimate organizations. They have impersonated media organizations like the Washington Post (U.S.), The Economist (UK), The Jerusalem Post (IL), Khaleej Times (UAE), Azadliq (Azerbaijan). #TrustBuilding: After exchanging enough communication to build trust with a victim, they send a link to a document related to a conference or a news article, depending on the selected lure topic. #APT42 #Impersonation #socialengineering #cybersecurity https://lnkd.in/d_mV_uS4

APT attacks, often employing tools like NSO's Pegasus, remain undetected for an astonishing average of 71 days in the Americas, 177 days in EMEA, and 204 days in APAC. Consider the vast amount of data and compromising personal information that could be harvested in 71+ days (I certainly wouldn't want anyone knowing I've been binge-watching reruns of New Girl on Netflix 😱 ). Fortunately, Jamf possesses the unique capability to conduct OS-level scans on iOS and Android devices, identifying IOCs indicative of known spyware or potential zero-day attacks. A huge shoutout to our dedicated engineers and threat researchers who support Jamf Executive Threat Protection! #jamf #spyware #pegasus

🇬🇧🇫🇷 The UK and France are collaborating to strengthen regulations around the sale and export of cyber intrusion tools, aiming to prevent these technologies from falling into the hands of malicious actors. This move is part of broader efforts to ensure that such tools are not used to undermine international security or violate human rights. The new measures will include stricter licensing and monitoring processes to control the distribution of these sensitive technologies. #CyberSecurity #InternationalRelations #UK #France #TechNews https://lnkd.in/exvQjcry

A cybersecurity expert emphasized the importance of international cooperation to ensure transparency in the surveillance software ecosystem, asserting that such collaboration is crucial to prevent the unethical use of covert technologies, which, if left unchecked, could lead to irreversible consequences such as loss of privacy and erosion of public trust in governing institutions. Yoon Sang-pil, a research professor at the School of Cybersecurity at Korea University, discussed real-world cases where surveillance software has been used in countries like Mexico and Saudi Arabia to suppress journalists and violate private citizens’ civil liberties. He delivered this speech during the inaugural Cybersecurity Law Forum, hosted by the Law and Policy Research Committee of the Korean Association of Cybersecurity Studies (KACS). The research professor raised grave concerns about the potential impact of spyware on civil society. Notably, such surveillance technology is not limited to authoritarian regimes but also infiltrates democratic countries. Citing the findings of the European Parliament’s Committee of Inquiry on the use of Pegasus and equivalent surveillance spyware (PEGA) in 2023, Yoon revealed conclusive evidence of such software being deployed in Poland, Greece, Hungary, and Spain. Pegasus, a notorious spyware, is developed by the Israeli company NSO Group, and is known for infiltrating iOS and Android devices without users’ knowledge, secretly collecting information such as texts, emails, location data, and more. #spyware #surveillance #software #cybersecurity #NSO #Pegasus https://lnkd.in/gXyjfduE

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and policy experts in the country. "The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the agency said. "The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes." The Intellexa Alliance is a consortium of several companies, including Cytrox, linked to a mercenary spyware solution called Predator. In July 2023, the U.S. government added Cytrox and Intellexa, as well as their corporate holdings in Hungary, Greece, and Ireland, to the Entity List. Predator, much like NSO Group's Pegasus, can infiltrate Android and iOS devices using zero-click attacks that require no user interaction. Once installed, the spyware makes it possible for the operators to harvest sensitive data and surveil targets of interest. https://lnkd.in/ddpbYPKu