The developers of the notorious FinSpy spyware are innovating — and thriving

Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]

The post The developers of the notorious FinSpy spyware are innovating — and thriving appeared first on CyberScoop.

Middle Eastern hacking group is using FinFisher malware to conduct international espionage

A well-funded, highly active group of Middle Eastern hackers was caught, yet again, using a lucrative zero-day exploit in the wild to break into computers and infect them with powerful spyware developed by an infamous cyberweapons dealer named Gamma Group. The incident, as described by security researchers with Moscow-based cybersecurity firm Kaspersky Lab, shines a rare light on the opaque although apparently vibrant market for software exploits and spyware, which in this case appears to have been purchased by a nation-state. The Middle Eastern hacker group in this case is codenamed “BlackOasis.” Kaspersky found the group was exploiting an Adobe Flash Player zero-day vulnerability (CVE-2016-4117) to remotely deliver the latest version of “FinSpy” malware, according to a new blog post published Monday. Adobe issued a fix Monday to its users in the form of a software update. FinSpy, a final-stage payload that allows for an attacker to covertly learn what a target is talking […]

The post Middle Eastern hacking group is using FinFisher malware to conduct international espionage appeared first on CyberScoop.

New Microsoft Word zero day used in Russian-language spyware campaign, analysts say

A well-funded spy group appears to have recently acquired a highly sophisticated zero day vulnerability and used it to deploy a remote access trojan against a Russian-speaking “entity,” according to evidence discovered by U.S. cybersecurity firm FireEye. Researchers with FireEye found the disruptive software vulnerability, which affects recent versions of Microsoft Word, in July. The trojan, known as FinSpy, is made by infamous surveillance technology firm FinFisher, a blog post by FireEye says. The Word flaw remained unpatched until Tuesday afternoon, when Microsoft issued its monthly security update. This vulnerability, labeled CVE-2017-8759, was used as recently as late August to hack into systems, FireEye analyst Ben Read told CyberScoop. Analysts originally uncovered CVE-2017-8759 while examining a highly targeted phishing email that was written in Russian. The email contained an attachment that when opened exploited a software flaw in the word processor to remotely download FinSpy from a computer server controlled by the attacker. […]

The post New Microsoft Word zero day used in Russian-language spyware campaign, analysts say appeared first on CyberScoop.

Israeli hacking company NSO Group is on sale for more than $1 billion

The Israeli hacking company NSO Group has been put up for sale for a price of more than $1 billion, according to multiple people familiar with the matter. The U.S.-based private equity firm Francisco Partners Management, which owns NSO Group, is looking to bring in around 10 times the $120 million it paid for a majority stake in the company in 2014. The group grew from around 50 employees when it was acquired to nearly 10 times that size, including more than 200 engineers dedicated to the hacking products that bring in the company’s rising profits. NSO, which is known for selling cutting-edge offensive hacking technology to governments around the world, traces its roots to the Israeli military’s world-renowned signals intelligence unit known as Unit 8200. The Israeli business publication Calcalist reported that NSO Group was being shopped around last month. CyberScoop independently spoke with numerous NSO business associates who confirmed that report. NSO Group and Francisco Partners both […]

The post Israeli hacking company NSO Group is on sale for more than $1 billion appeared first on CyberScoop.
