cyberweapons – WindowsTechs.com

Analysis of Intellexa’s Predator Spyware

Posted on October 18, 2023 by Bruce Schneier

Amnesty International has published a comprehensive analysis of the Predator government spyware products.
These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet&#821… Continue reading Analysis of Intellexa’s Predator Spyware→

Cyberweapons Manufacturer QuaDream Shuts Down

Posted on April 25, 2023 by Bruce Schneier

Following a report on its activities, the Israeli spyware company QuaDream has shut down.

This was QuadDream:

Key Findings

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.

We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call …

Continue reading Cyberweapons Manufacturer QuaDream Shuts Down→

Hacked Cellebrite and MSAB Software Released

Posted on January 16, 2023 by Bruce Schneier

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.
Continue reading Hacked Cellebrite and MSAB Software Released→

Another Event-Related Spyware App

Posted on November 15, 2022 by Bruce Schneier

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app:

The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices…

Continue reading Another Event-Related Spyware App→

Spyware Maker Intellexa Sued by Journalist

Posted on October 7, 2022 by Bruce Schneier

The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called “Predator.” That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa.

Koukakis is suing Intellexa.

The lawsuit filed by Koukakis takes aim at Intellexa and its executive, alleging a criminal breach of privacy and communication laws, reports Haaretz. The founder of Intellexa, a former Israeli intelligence commander named Taj Dilian, is listed as one of the defendants in the suit, as is another shareholder, Sara Hemo, and the firm itself. The objective of the suit, Koukakis says, is to spur an investigation to determine whether a criminal indictment should be brought against the defendants…

Continue reading Spyware Maker Intellexa Sued by Journalist→

Microsoft Zero-Days Sold and then Used

Posted on July 29, 2022 by Bruce Schneier

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF.
There’s an entire industry devoted to undermining … Continue reading Microsoft Zero-Days Sold and then Used→

Russian Cyberattack against Ukrainian Power Grid Prevented

Posted on April 13, 2022 by Bruce Schneier

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

Key points:

ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company

The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks

The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems

We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine
…

Continue reading Russian Cyberattack against Ukrainian Power Grid Prevented→

Cyberweapons Arms Manufacturer FinFisher Shuts Down

Posted on April 6, 2022 by Bruce Schneier

FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition.
Continue reading Cyberweapons Arms Manufacturer FinFisher Shuts Down→

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Posted on December 20, 2021 by Bruce Schneier

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.

We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab:

We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Cytrox was reported to be part of Intellexa…

Continue reading More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers→

US Blacklists NSO Group

Posted on November 4, 2021 by Bruce Schneier

The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside f… Continue reading US Blacklists NSO Group→