Security News

Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, running espionage campaigns since at least 2018 [1, 2]. In multiple attacks detected in May and July, the hackers combined social engineering techniques with an updated malware variant that would ultimately give them remote access to the infected machine.

Authorities from multiple agencies of the Israeli government paid a visit the offices of the NSO Group as part of a new investigation into claims that the secretive firm is selling its spyware to threat actors for targeted attacks, according to the Israeli Ministry of Defense. Specifically, Israeli agents visited NSO Group's offices in Herzliya, near the city of Tel Aviv, according to a post by analyst firm Recorded Future's The Record.

Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely - and perhaps willingly - misused. The allegations were raised by Amnesty International and a consortium of newspapers that gained access to a 50,000-entry list of mobile phone numbers claimed to have been touched by NSO's Pegasus product - spyware that makes a smartphone an open book.

Start-Up Nation Central, the independent not-for-profit organization connecting global corporations, investors, and governments to the Israeli tech innovation ecosystem, revealed that Israel's FinTech sector experienced a record-breaking first half of 2021 in terms of VC investments. According to a data gathered from Start-Up Nation Central Finder, Israeli companies raised $2.3B in the first half representing a staggering 260% increase over H1 2020 funding, and even surpassing the 2020 full-year total of $1.8B by 28%. Investments in FinTech made up 19% of the total funding in Israeli innovation technology companies during H1, which amounted to $12.2B. When it comes to international comparisons, data from PitchBook showed that Israel's 28% increase in FinTech funding over the 2020 total surpassed the 20% increase in US company funding and the negative growth exhibited by the Asian ecosystem but fell short of Europe's impressive 63% growth during the same period.

Human rights and press freedom activists are up in arms about a new report on NSO Group, the notorious Israeli hacker-for-hire company. The report, by a global media consortium, expands public knowledge of the target list used in NSO's military-grade spyware.

The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said.

An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday. The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors. The two reports come less than 24 hours after Google's Threat Analysis Group documented four separate zero-day exploits in Chrome, Internet Explorer, and Webkit that were created and sold by Candiru to government-backed attackers.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.