Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians.

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

L’Autorità ha aperto un’istruttoria nei confronti del Comune di Lecce, che ha annunciato l’avvio di un sistema che prevede l’impiego di tecnologie di riconoscimento facciale. In base alla normativa europea e nazionale, ha ricordato l’Autorità, il trattamento di dati personali realizzato da soggetti pubblici, mediante dispositivi video, è generalmente ammesso se necessario per l’esecuzione di un compito di interesse pubblico o connesso all’esercizio di pubblici poteri.

Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.

Lookout Les chercheurs de Threat Lab ont découvert un logiciel de surveillance Android de niveau entreprise utilisé par le gouvernement du Kazakhstan à l'intérieur de ses frontières. D'après notre analyse, le logiciel espion est probablement développé par le fournisseur italien de logiciels espions RCS Lab S.p.A.

The hacker group Killnet claimed the attacks against Italy. How it's possible to detect the activities of the Mirai botnet used through Falco

Cosa sappiamo di sLoad e perchè è così elusivo?

Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.