New Yorker: A Hacked Newsroom Brings a Spyware Maker to U.S. Court. “[Roman] Gressier is one of at least thirty-five journalists and civil-society members hacked with Pegasus in El Salvador between July, 2020, and November, 2021, according to the analysis by Citizen Lab, which was verified by Amnesty International. The hacking campaign comprised at least two hundred and sixty Pegasus attacks.”
Politico: Egypt’s COP27 summit app is a cyber weapon, experts warn. “Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations. Policymakers from Germany, France and Canada were among those who had downloaded the app by November 8, according to two separate Western security officials briefed on discussions within these delegations at the U.N. climate summit.”
Politico: Don’t download Qatar World Cup apps, EU data authorities warn. “A message to football fans from Europe’s data protection chiefs: Qatar’s World Cup apps pose a massive privacy risk, so don’t download them. European data protection regulators have been lining up to warn about the risks posed by Qatar’s World Cup apps for visitors, with Germany’s data protection commissioner being the latest.”
Citizen Lab: New Pegasus Spyware Abuses Identified in Mexico. “Mexican digital rights organization R3D (Red en los Defensa de los Derechos Digitales) has identified Pegasus infections against journalists and a human rights defender taking place between 2019-2021.”
The Guardian: British judge rules dissident can sue Saudi Arabia for Pegasus hacking. “A British judge has ruled that a case against the kingdom of Saudi Arabia brought by a dissident satirist who was targeted with spyware can proceed, a decision that has been hailed as precedent-setting and one that could allow other hacking victims in Britain to sue foreign governments who order such attacks.”
TechCrunch: TechCrunch launches TheTruthSpy spyware lookup tool. “TechCrunch today launched a spyware lookup tool that allows anyone to check if their Android device was compromised by a fleet of consumer-grade spyware apps, including TheTruthSpy. The aim is to help victims check if their device was compromised and reclaim control of their device.”
CitizenLab: Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus. “Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure.”
Washington Post: Dozens of Thai activists and supporters hacked by NSO Group’s Pegasus. “More than 30 Thai activists and supporters have been hacked with NSO Group’s potent Pegasus spyware, civil society groups said late Sunday, in the first countrywide campaign brought to light because Apple warned targeted iPhone users.”
CNN: Apple plans new feature to protect journalists and human rights workers from spyware. “Apple on Wednesday said it will release a new feature this fall for iPhone, Mac and iPad operating software that is designed to protect high-risk users such as journalists and human rights workers from sophisticated spyware that has been linked to human rights abuses.”
New York Times: Defense Firm Said U.S. Spies Backed Its Bid for Pegasus Spyware Maker. “Spokesmen for L3Harris and NSO declined to comment about the negotiations between the companies. A spokeswoman for Avril Haines, the director of national intelligence, declined to comment on whether any American intelligence officials quietly blessed the discussions. A spokesman for the Commerce Department declined to give specifics about any discussions with L3 Harris about purchasing NSO.”
The Verge: Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS. “A sophisticated spyware campaign is getting the help of internet service providers (ISPs) to trick users into downloading malicious apps, according to research published by Google’s Threat Analysis Group (TAG) (via TechCrunch). This corroborates earlier findings from security research group Lookout, which has linked the spyware, dubbed Hermit, to Italian spyware vendor RCS Labs.”
WIRED: Spyware Vendors Target Android With Zero-Day Exploits. “NSO GROUP AND its powerful Pegasus malware have dominated the debate over commercial spyware vendors who sell their hacking tools to governments, but researchers and tech companies are increasingly sounding the alarm about activity in the wider surveillance-for-hire industry. As part of this effort, Google’s Threat Analysis Group is publishing details on Thursday of three campaigns that used the popular Predator spyware, developed by the North Macedonian firm Cytrox, to target Android users.”
PC Magazine: Google: A Spyware Company Exploited 5 Chrome, Android Zero-Days in 2021. “One spyware company exploited at least five zero-day vulnerabilities—four in the Chrome browser and one in the Android operating system—throughout 2021, according to Google. The company’s Threat Analysis Group (TAG) says the spyware maker in question is a North Macedonian firm known as Cytrox.”
Associated Press: Spain: 2021 spyware attack targeted prime minister’s phone. “The cellphones of Spain’s prime minister and defense minister were infected last year with Pegasus spyware, which is available only to countries’ government agencies, authorities announced Monday. Prime Minister Pedro Sánchez’s mobile phone was breached twice in May 2021, and Defense Minister Margarita Robles’ device was targeted once the following month, Cabinet Minister Félix Bolaños said.”
The New Yorker: How Democracies Spy on Their Citizens. “Commercial spyware has grown into an industry estimated to be worth twelve billion dollars. It is largely unregulated and increasingly controversial. In recent years, investigations by the Citizen Lab and Amnesty International have revealed the presence of Pegasus on the phones of politicians, activists, and dissidents under repressive regimes. An analysis by Forensic Architecture, a research group at the University of London, has linked Pegasus to three hundred acts of physical violence.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.