Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.

At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

Researchers found malware developed by QuaDream, a little-known government spyware maker, which was used against journalists and politicians.

Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers and opposition party politicians.

A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Haaretz reveals NFV Systems’ surveillance tools; firm under investigation by secretive Israeli body for skirting arms export controls, in case that may ‘damage national security’

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

Auditionnée par le Parlement européen, la directrice du Centre national espagnol s’est contentée de rappeler le cadre juridique, selon les eurodéputés.

Christopher Wray, the F.B.I.’s director, told Congress last December that the bureau purchased the phone hacking tool Pegasus for research and development purposes.

Le droit à la vie privée est de plus en plus menacé par l’utilisation de technologies numériques modernes en réseau, dont les caractéristiques en font de formidables outils de surveillance, de contrôle et d’oppression, selon un nouveau rapport de l’ONU. Il est donc essentiel que ces technologies soient encadrées par une réglementation efficace reposant sur le droit international des droits de l’homme et les normes applicables en la matière [PDF Document link](https://documents-dds-ny.un.org/doc/UNDOC/GEN/G22/442/29/PDF/G2244229.pdf?OpenElement)

‘Democracy and rule of law are at stake,’ says MEP Saskia Bricmont.

La sorveglianza europea parte da un’azienda italiana

An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.

The head of Greek intelligence told a parliamentary committee his agency had spied on a journalist, two sources present said, in a disclosure that coincides with growing pressure on the government to shed light on the use of surveillance malware.

MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.

ESET uncovers CloudMensis, a macOS backdoor that spies on users of Mac devices and communicates with its operators via public cloud storage services.

Forensic analysis by CitizenLab says government is the likeliest perpetrator.

As civil society and media organisations expose EU Member States' use of the Pegasus commercial spyware, one of the most high-profile spying scandals of recent years is coming to light in Europe.

Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.

Lookout Les chercheurs de Threat Lab ont découvert un logiciel de surveillance Android de niveau entreprise utilisé par le gouvernement du Kazakhstan à l'intérieur de ses frontières. D'après notre analyse, le logiciel espion est probablement développé par le fournisseur italien de logiciels espions RCS Lab S.p.A.