March 13, 2023
Qatar giving the Mossad a run for their money with the espionage
-
This is a fun one!
An NSO employee, an automation dev, stole the Pegasus source code from work. To do this he googled, “how to remove McAfee Data Protection?” Whatever the instructions were, they worked. So he de-McAfees his work machine and copies the source code.
Trawling through the code he extracts three iOS 0days. He then contacts <some buyer> (maybe Zerodium?) and says: “I am hacking team member with access to NSO code. I sell you for €50 million. Is 3 iOS 0day. Ok?”
The buyer contacts NSO to tell them that someone claiming to be a hacker is selling their proprietary source code. NSO does an internal investigation and finds there’s one guy who disabled his McAfee Data Protection software.
Jail door slamming sound effect.
-
Via the excellent Greg Whittaker newsletter:
Allegedly George Santos was training people to run ATM skimmers and setting them up as affiliates. One who got arrested and deported from the US has come forward with the accusation.
https://www.politico.com/news/2023/03/09/santos-masterminded-atm-fraud-feds-00086417
Declaration:
https://www.politico.com/f/?id=00000186-c7bb-d9f3-abef-cfff6b220000
-
I spent some time working on #AVBurner, a post-exploitation tool used by #SnakeCharmer (aka "Earth Longzhi" by #trendmicro). This tool disables kernel callbacks. With my colleagues from @volexity@infosec.exchange, we wrote a small blog post explaining how it works, but also how to detect kernel callback manipulation by using #volatility. As #volshell supports MS symbols, we are able to parse in-memory kernel objects. More details here: https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/
https://infosec.exchange/@r00tbsd/109982917504797140
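To make the detection idea in the post concrete, here is an added example (mine, not code from the post, from Volexity, or from Volatility) that emulates what a volshell script does against a memory image: walk the kernel's process-creation callback slot array, mask off the fast-reference bits, follow each live slot to its callback block, and attribute the routine's function pointer to a loaded module. It runs offline over a constructed fake "memory image", so the array address, block addresses, module list, driver name `edrsensor.sys` and the slot layout (64 pointer-sized slots, callback block with the function pointer at offset 8) are all assumptions chosen for the demo, not values read from a real system. Two tamper modes are simulated: zeroing a slot (the EDR driver ends up with no registered routine) and redirecting a block's function pointer to memory no module backs.

```python
"""
Constructed example: emulate the volshell-style parse of a kernel callback
array and flag the two artefacts an EDR-nullifying tool leaves behind.
Nothing here reads a real image; build_image() fabricates the bytes.
"""
import struct
from typing import Dict, List, Optional, Tuple

PTR_SIZE = 8
SLOT_COUNT = 64          # assumed: 64 pointer-sized slots in the notify-routine array
FAST_REF_MASK = ~0xF     # assumed: low 4 bits of each slot hold a refcount, not address bits
FUNCTION_OFFSET = 8      # assumed block layout: RundownProtect @0, Function @8, Context @16

# Hypothetical addresses for the fake image.
ARRAY_VA = 0xFFFFF8000A200000
BLOCK_VAS = [0xFFFFC00011110000, 0xFFFFC00011110100, 0xFFFFC00011110200]
UNBACKED_VA = 0xFFFFC0002BAD0000  # not inside any module below
MODULES = [                        # constructed loaded-module list: (name, base, size)
    ("ntoskrnl.exe", 0xFFFFF80000000000, 0x1000000),
    ("edrsensor.sys", 0xFFFFF80002000000, 0x80000),
    ("cng.sys", 0xFFFFF80003000000, 0x40000),
]


class Memory:
    """Sparse address space standing in for the image reads volshell would perform."""

    def __init__(self) -> None:
        self.chunks: Dict[int, bytes] = {}

    def write(self, va: int, data: bytes) -> None:
        self.chunks[va] = bytes(data)

    def read(self, va: int, size: int) -> bytes:
        for base, buf in self.chunks.items():
            if base <= va and va + size <= base + len(buf):
                off = va - base
                return buf[off:off + size]
        raise ValueError(f"unmapped read at {va:#x}")

    def read_ptr(self, va: int) -> int:
        return struct.unpack("<Q", self.read(va, PTR_SIZE))[0]


def build_image(tamper: str = "none") -> Memory:
    """Lay out three registered callbacks. tamper="null" zeroes the EDR's slot;
    tamper="redirect" rewrites the EDR block's Function to unbacked memory."""
    mem = Memory()
    functions = [
        MODULES[1][1] + 0x5130,   # edrsensor.sys process-notify routine
        MODULES[2][1] + 0x2040,   # cng.sys routine
        MODULES[0][1] + 0x8A10,   # ntoskrnl-internal routine
    ]
    if tamper == "redirect":
        functions[0] = UNBACKED_VA
    for block_va, fn in zip(BLOCK_VAS, functions):
        mem.write(block_va, struct.pack("<QQQ", 0, fn, 0))   # RundownProtect, Function, Context
    slots = [0] * SLOT_COUNT
    for i, block_va in enumerate(BLOCK_VAS):
        slots[i] = block_va | 0x1          # refcount bits set, as the kernel does
    if tamper == "null":
        slots[0] = 0
    mem.write(ARRAY_VA, struct.pack("<%dQ" % SLOT_COUNT, *slots))
    return mem


def module_for(va: int) -> Optional[str]:
    for name, base, size in MODULES:
        if base <= va < base + size:
            return name
    return None


def parse_callbacks(mem: Memory) -> List[Tuple[int, int, int, Optional[str]]]:
    """Return (slot, block_va, function_va, owning module) for every live slot."""
    found = []
    for i in range(SLOT_COUNT):
        raw = mem.read_ptr(ARRAY_VA + i * PTR_SIZE)
        if raw == 0:
            continue
        block = raw & FAST_REF_MASK
        fn = mem.read_ptr(block + FUNCTION_OFFSET)
        found.append((i, block, fn, module_for(fn)))
    return found


def audit(mem: Memory, security_drivers=("edrsensor.sys",)) -> dict:
    """Signals of tampering: a loaded security driver owning no routine (slot
    nulled) and a routine not backed by any module (pointer redirected)."""
    cbs = parse_callbacks(mem)
    owners = {m for _, _, _, m in cbs}
    return {
        "count": len(cbs),
        "missing_drivers": [d for d in security_drivers if d not in owners],
        "unbacked": [fn for _, _, fn, m in cbs if m is None],
    }


if __name__ == "__main__":
    for mode in ("none", "null", "redirect"):
        print(mode, audit(build_image(mode)))
```

On a real image the same walk is done with Volatility 3 symbols: resolve the array symbol from the kernel module, read the slots through the kernel layer, and match function pointers against the loaded-module list instead of the constructed `MODULES` table. The "missing driver" signal is the useful one for a zeroed slot, since a nulled entry leaves nothing to inspect; comparing against a clean system's callback list from the same product is the practical baseline.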
-
Expelled Russian Diplomats With Spy Links Resurface In Serbia
https://www.rferl.org/a/russia-serbia-home-spies-expelled-diplomats/32310285.html
https://mstdn.social/@gavinwilde/110016281134350568
-