The Crypto AG Scandal And The Question Of Swiss Neutrality

On the 11 February 2020, the Washington Post published an extensive article revealing the #CryptoAG Scandal. The article damningly exposes the way in which the #Swiss #encryption company Crypto AG was co-opted by the #CIA for decades. The #spy #agency coerced the company’s founder into working for them in the 1950s, and later bought out Crypto AG in a secret partnership with the German spy agency the #BND. Throughout this time, faulty encryption machines were sold to governments around the world to improve American #espionage capabilities. This “audacious” project lasted well into the 21st century, presumably until the company’s liquidation in 2018. According to the Washington Post article, “CIA and BND documents indicate that Swiss officials must have known for decades about Crypto’s ties to the U.S. and German spy services, but intervened only after learning that news organizations were about to expose the arrangement.” It is this revelation which has led various news agencies (including the BBC) to declare that Swiss neutrality has been “shattered”.

The Swiss have long cultivated a policy of neutrality. This concept is ubiquitous in popular culture, from the end of The Sound of Music, to the English phrase “being Switzerland” which is synonymous with neutrality. What impact, (if any), will the implications of Swiss partiality toward the U.S. in the scandal have upon their aura of neutrality?

👉🏼 Read more:
https://theowp.org/the-crypto-ag-scandal-and-the-question-of-swiss-neutrality/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Did a Chinese Hack Kill Canada’s Greatest Tech Company?

Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.

The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.

https://www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel

https://www.assemblymag.com/blogs/14-assembly-blog/post/90631-did-outsourcing-and-corporate-espionage-kill-nortel

https://www.cbc.ca/news/politics/former-nortel-exec-warns-against-working-with-huawei-1.1137006

#huawei #nortel #canada #china #industrial #espionage #telecom

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/

#asia #taiwan #china #industrial #economic #espionage #hackers

Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

APT1- Exposing One of China’s Cyber Espionage Units

👀 👉🏼 (PDF)
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

#apt1 #china #cyber #espionage #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoola

Beyond Pegasus: The Bigger Picture of Israeli Cyber Spying

We have been told to live in mortal fear of online hackers, and, as the “cyber pandemic” narrative ramps up, the fear-mongering over Chinese, Russian and even North Korean cyberwarriors is going into overdrive.

Strange, then, given this climate of non-stop cybersecurity hysteria, that we rarely hear mention of one of the world’s confirmed cyberhacking superpowers: Israel. Just as Israel’s nuclear arsenal is the worst-kept secret in the world, it seems that mention of Israel’s cyber arsenal is strictly forbidden in the mainstream press. But it is now undeniable that Israel is running one of the most sophisticated, pervasive and influential cyberhacking operations in the world.

The official silence on Israel’s cyber espionage changed last month when the story of Pegasus—a piece of military-grade spyware developed by Israeli surveillance firm NSO Group—made headlines for all the wrong reasons. The software, as Haaretz and other MSM half-truth peddlers inform us, is able to hijack the phones of its victims, recording from the phone’s cameras and microphone and collecting location data, call logs and contacts, all without the target’s knowledge. And, as the consortium of dinosaur media publishers who were given access to this treasure trove of information report, it is being used by “oppressive regimes” to target “180 journalists” and even scoop up personal contact details of national misleaders like French President Emmanuel Macron and Pakistani Prime Minister Imran Khan.

But there are some very important things you never learned about the Pegasus story in the dinosaur media’s coverage of it, and, if you do rely on the lamestream media for your knowledge, there are a lot of things you won’t know about the history of Israeli cyberspying. So today, let’s take a look at the issue of Israel’s high-tech espionage.

https://www.minds.com/CorbettReport/blog/beyond-pegasus-the-bigger-picture-of-israeli-cyber-spying-1271089882587992066

#israel #spyware #pegasus #nso #history #espionage

Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks - BLack Hat CitizenLab / 2020

This briefing will take an in-depth look at the technical capabilities of mobile attacks that are being leveraged against real targets for the purpose of espionage. We will focus on Pegasus, a lawful intercept product, and the features and exploit chain it used. We will describe how we discovered and tracked the developer’s infrastructure prior to the attack, and how we later caught a sample of the elusive malcode being used against a prominent human rights defender.

#Pegasus #NSO #Spyware #CitizenLab #BlackHat #espionage #israel #exploit

Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa - Check Point Research – June 2023

Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor.
Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.

The Stealth Soldier infrastructure has some overlaps with infrastructure the The Eye on the Nile which operated against Egyptian civilian society in 2019. This is the first possible re-appearance of this threat actor since then.

Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International – 2019

#StealthSoldier #EyeOnTheNile
#Backdoor #espionage #malware #Egypt #Libya

Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research – June 2023

In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.


#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia

CID Lookout: Unsolicited Smartwatches Received by Mail > Department of the Army Criminal Investigation Division

Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.

Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches

#spyware #WristWatch
#USA #SmartWatch #espionage

Big Brother Watch (@BigBrotherWatch): "Cameras made by Chinese state-owned surveillance firm, #Hikvision, found outside MI6 HQ "It is highly embarrassing for MI6 that these cameras are monitoring them."

British spies are being filmed by Chinese surveillance cameras in front of MI6 headquarters, The Mail on Sunday can revealed

#UK #China #CCTV #espionage
#MI6

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks – TheHackerNews - June 2023

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.

The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda.

"The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement,"

Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft – CrowdStrike - June 2023

#VoltTyphoon #VanguarPanda #China #espionage #spyware #malware

Asylum Ambuscade: crimeware or cyberespionage? | WeLiveSecurity – June 2023

A curious case of a threat actor at the border between crimeware and cyberespionage

Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign and about multiple cybercrime campaigns in 2022 and 2023.

#AsylumEmbuscade
#SunSeed #AHKBOT #EU #Ukraine #Russia #CyberEspionage #espionage

How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

This latest attack uses a unique trick: Microsoft says hackers stole a cryptographic key that let them generate their own authentication “tokens”—strings of information meant to prove a user’s identity—giving them free rein across dozens of Microsoft customer accounts.

#Storm0558 #China #Infosec
#espionage

US govt IT worker accused of leaking top secrets • The Register –

A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.
Abraham Lemma, 50, a Silver Springs, Maryland resident and a naturalized United States citizen who was born in Ethiopia, was detained on August 24 after allegedly sending classified US national defense information to an Ethiopian intelligence agent. He has worked in various American government agencies since 2019.

#US #Ethiopia #Espionage

XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities – Linkedin

XAgent is a spyware targeting iOS devices, representing a mobile implant. Publicly attributed to the group APT28 (also known as Sofacy or Fancy Bear), XAgent is consistent with TTPs of targeting government entities, political organizations, and individuals of interest for cyber espionage purposes.

The XAgent iOS implant exhibits advanced functionalities for comprehensive data collection, exfiltration and potential remote control, aligning with APT28's objectives of gathering intelligence and maintaining persistent access to compromised systems.

Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear