APT annual review 2021

SecureList

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Moreover, the malware mentioned by Google matched ThreatNeedle – malware that we have been tracking since 2018.

Malware 107

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

In late September 2018, the REACT Task Force spearheaded an investigation that led to the arrest of two Missouri men — both in their early 20s — who are accused of conducting SIM swaps to steal $14 million from a cryptocurrency company based in San Jose, Calif. . million customers.

Mobile 243
Insiders

APT trends report Q1 2021

SecureList

The group’s operations were exposed in 2018, showing that it was conducting surveillance attacks against individuals in the Middle East. Interestingly, some of the TTPs used by this threat actor are reminiscent of other groups operating in the domain of dissident surveillance. Final thoughts.

Malware 141

APT trends report Q3 2021

SecureList

On June 3, Check Point published a report about an ongoing surveillance operation targeting a Southeast Asian government, and attributed the malicious activities to a Chinese-speaking threat actor named SharpPanda. Lyceum is a threat group operating against high-profile targets in the Middle East since at least 2018. Middle East.

Malware 142

APT trends report Q3 2023

SecureList

This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. Lyceum is believed to be a Farsi-speaking threat group that has been active since 2018 and may be behind this novel PowerShell tool set.

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

“As organizations quickly adopt technologies like Okta Fastpass which uses biometrics for authentication instead of passwords, … we expect an increase in two areas: breaches caused by social engineering (already on the rise), and breaches caused by Insiders (already over 40% of all breaches).

APT trends report Q2 2021

SecureList

We were able to trace the WebDav-O implant’s activity in our telemetry to at least 2018, indicating government affiliated targets based in Belarus. For further surveillance of the victim, the malware operator may also deploy additional tools. The injected payload creates a persistent backdoor on the victim’s machine.

Malware 142