March 13, 2023
Qatar giving the Mossad a run for their money with the espionage
Qatar bugged Swiss Attorney General and FIFA President Infantino
An intelligence operation commissioned by Qatar targeted an informal meeting between Swiss Attorney General Michael Lauber and FIFA President Gianni Infantino. Operatives on behalf of Qatar were already planning to recruit the Attorney General for their cause at the end of 2011.
-
This is a fun one!
An NSO employee, an automation dev, stole the Pegasus source code from work. To do this he googled “how to remove McAfee Data Protection?” Whatever the instructions were, they worked. So he de-McAfee’s his work machine and copies the source code.
Trawling through the code, he extracts three iOS 0days. He then contacts <some buyer> (maybe Zerodium?) and says: “I am hacking team member with access to NSO code. I sell you for €50 million. Is 3 iOS 0day. Ok?”
The buyer contacts NSO to tell them that someone claiming to be a hacker is selling their proprietary source code. NSO does an internal investigation and finds there’s one guy who disabled his McAfee Data Protection software.
Jail door slamming sound effect.
https://josephsteinberg.com/rogue-cybersecurity-company-employee-tried-to-sell-powerful-stolen-iphone-malware-for-50-million/
-
Via the excellent Greg Whittaker newsletter:
Allegedly George Santos was training ATM skimmers and setting them up as affiliates. One who got arrested and deported from the US has come forward with the accusation.
George Santos masterminded 2017 ATM fraud, former roommate tells feds - POLITICO
“Santos taught me how to skim card information and how to clone cards,” Gustavo Ribeiro Trelha, who was convicted of felony access device fraud, said Wednesday in a sworn declaration submitted to the FBI.
Declaration:
https://www.politico.com/f/?id=00000186-c7bb-d9f3-abef-cfff6b220000
-
I spent some time working on #AVBurner, a post-exploitation tool used by #SnakeCharmer (aka "Earth Longzhi" by #trendmicro). This tool disables kernel callbacks. With my colleagues from @volexity@infosec.exchange, we wrote a small blog post explaining how it works, but also how to detect kernel callback manipulation by using #volatility. As #volshell supports MS symbols, we are able to parse in-memory kernel objects. More details here: https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/
Paul Rascagneres: "I spent few times working on #AVBurner, a post ex…" - Infosec Exchange
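The detection idea in that post (walk a kernel callback array from a memory image and see whether its entries still look healthy) can be sketched in a few lines. The Python below is an added example, not code from the Volexity write-up and not part of Volatility; it assumes you have already pulled, for instance with volshell, the routine address held in each slot of a callback array and the loaded kernel module ranges, and it compares a suspect snapshot against a known-good one. Module names, slot addresses and the `edr_agent.sys` driver are all constructed sample values.

```python
"""Added example: spot tampered kernel callback arrays from a memory snapshot.

Illustrative code, not from the Volexity post and not part of Volatility.
It assumes the routine address behind each callback slot and the loaded
kernel module ranges were already extracted from the image (e.g. in volshell).
Every address and module name below is a constructed sample value.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class KernelModule:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed loaded-module list; edr_agent.sys is a hypothetical EDR driver.
MODULES: List[KernelModule] = [
    KernelModule("ntoskrnl.exe", 0xFFFFF80000200000, 0x00800000),
    KernelModule("edr_agent.sys", 0xFFFFF80010000000, 0x00080000),
    KernelModule("WdFilter.sys", 0xFFFFF80012000000, 0x00060000),
]

# Constructed callback array from a known-good image: slot -> routine address.
BASELINE: Dict[int, int] = {
    0: 0xFFFFF80000215A10,  # inside ntoskrnl.exe
    1: 0xFFFFF80010012340,  # inside edr_agent.sys
    2: 0xFFFFF80012004560,  # inside WdFilter.sys
}

# Constructed array from an image taken after a callback-removal tool ran:
# slot 1 has been zeroed, so the EDR driver no longer receives notifications.
SUSPECT: Dict[int, int] = {0: 0xFFFFF80000215A10, 1: 0x0, 2: 0xFFFFF80012004560}


def owning_module(addr: int, modules: List[KernelModule]) -> Optional[str]:
    """Return the name of the loaded module whose range covers addr, or None."""
    for mod in modules:
        if mod.contains(addr):
            return mod.name
    return None


def audit_callbacks(
    callbacks: Dict[int, int],
    modules: List[KernelModule],
    baseline: Optional[Dict[int, int]] = None,
) -> List[Tuple[int, str]]:
    """Flag callback slots that were cleared or that point to unbacked memory.

    Two checks are performed:
      1. a slot that is zero now but was populated in the baseline snapshot
         (a callback has been removed);
      2. a non-zero slot whose address lies outside every loaded module
         (the owning driver was unloaded, or the pointer was redirected).
    """
    findings: List[Tuple[int, str]] = []
    for slot in sorted(set(callbacks) | set(baseline or {})):
        addr = callbacks.get(slot, 0)
        if addr == 0:
            was = (baseline or {}).get(slot, 0)
            if was != 0:
                findings.append((slot, f"callback removed (was {owning_module(was, modules)})"))
            continue
        if owning_module(addr, modules) is None:
            findings.append((slot, f"callback {addr:#x} not backed by a loaded module"))
    return findings


if __name__ == "__main__":
    for slot, msg in audit_callbacks(SUSPECT, MODULES, BASELINE):
        print(f"slot {slot}: {msg}")
```

Without a baseline the second check still works on its own, which is the practical case when only one image is available: a callback pointing into unbacked memory is suspicious regardless of history, whereas a cleared slot can only be judged against what used to be there.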
-
Exclusive: Expelled Russian Diplomats With Spy Links Resurface In Serbia
While many European states have shown the door to hundreds of Russian diplomats, not only have they found a new home in Serbia, but the country has taken in alleged Russian spies, an RFE/RL investigation reveals.
-