Risky Biz News: First US spyware visa ban hammer falls on 13 individuals

Released Wednesday, 24th April 2024
Episode Transcript

0:04

The US has imposed visa travel restrictions on 13 individuals linked to spyware, the Polish military used spyware against female officers, Russian hackers used a secret Windows zero-day for years, and the US charges and sanctions four Iranian hackers. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Katelyn Soory. Today is April 24th and this podcast episode is brought to you by Trail of Bits.

0:32

The US government has imposed visa restrictions on 13 individuals involved in the development and sale of commercial spyware. The visa ban applies to the individuals and their immediate family members, such as spouses and children. The State Department has not released their names. This marks the first time the US State Department has imposed visa restrictions related to spyware. It announced its intention to do so at the start of February this year.

0:57

The Polish military police used the Pegasus spyware to spy on two female officers who reported sexual harassment by their superiors. Military police officials used Pegasus 78 times in the last seven years against female employees. Polish prosecutors are currently investigating the previous government's use of the Pegasus spyware. So far, officials have notified 578 individuals that they have been targeted with the spyware.

1:23

A Spanish court has reopened a probe into a suspected Pegasus infection of the country's Prime Minister in 2022. The judge reopened the case at the request of French officials. According to the Associated Press, French investigators claim to have new evidence to advance the investigation. The French government previously found traces of the Pegasus spyware on the devices of President Emmanuel Macron and several ministers in 2021.

1:48

The US government has charged four Iranian nationals for cyberattacks against US organisations. Officials say the four suspects work for two front companies controlled by the cyber arm of the Iranian Islamic Revolutionary Guard Corps. The four are accused of hacking more than a dozen US companies and the US Departments of Treasury and State. The Treasury Department has sanctioned the four individuals as well as the two front companies. The US State Department is also offering a $10 million reward for information on the group. US officials say one of the front companies has been associated with multiple Iranian APT groups, including Tortoiseshell.

2:24

Russian hacking group Forest Blizzard has been quietly using a zero-day in the Windows Print Spooler service for almost three years. The tool is named GooseEgg and has been used in attacks since April 2019. Russian hackers use GooseEgg to elevate privileges and steal credentials on already compromised networks. Microsoft patched the bug behind the tool in October 2022 but only recently discovered the attacks.

2:49

North Korean hacking groups have breached at least 10 South Korean defense companies in the last year and a half. South Korea's Police Force says the hacked companies were unaware of the breaches until they were notified by authorities. Officials linked intrusions to North Korean groups such as Andariel, Lazarus and Kimsuky.

3:07

Brazilian authorities are investigating a breach of the country's Integrated Financial Administration system, also known as SIAFI. The Brazilian government uses SIAFI to pay contracts and employees. Local media reports that hackers phished SIAFI employees and then used the accounts to steal government funds. The hackers are believed to have stolen at least three and a half million Brazilian reais, or about US$700,000. Reports claim the hackers compromised as many as 17 SIAFI accounts.

3:36

Medical diagnostic service Synlab says that a ransomware attack has crippled the operations of its Italian branch. The breach took place last week and the company shut down all IT systems as a result. The company operates more than 380 medical labs across Italy. No ransomware group has taken credit for the incident so far. The company's French division was a victim of the Clop gang's MOVEit hacking spree last year.

4:00

The Greek Data Protection Agency has fined the country's postal service 3 million euro for a security breach that leaked customer data. The Vice Society ransomware gang breached ELTA in March 2022. The group leaked the company's data on the dark web after it failed to extract the ransom. Leaked data included customer and employee personal information. The Greek Data Protection Agency investigated ELTA and found the company failed to adequately protect the data.

4:27

A North Korean cloud server was left exposed on the internet last year and leaked animation-related projects. The exposed files suggest that Western studios might have inadvertently hired North Korean animators for their projects. According to the leaked files, North Korean animators appear to have worked on shows that air on the BBC, Amazon Prime and HBO Max.

4:49

Streetlights in Leicester have been stuck on all day, six weeks after the UK city fell victim to a ransomware attack. The attack impacted a central management system used to control the streetlights. Officials say the lights entered a fail-safe mode where they're left on all the time. City officials hope to have the system restored by the end of next week.

5:08

Russian authorities have arrested a Moscow resident for developing and selling malware via Telegram. Officials describe the malware as having data-stealing and destructive capabilities. The FSB tracked down the suspect through a website they used to advertise the malware.

5:23

The median dwell time for cybersecurity intrusions fell last year to an all-time low of 10 days. Mandiant says that 43 percent of all incidents last year were detected in a week or less. The company attributes the reduction of dwell times to improvements in detection capabilities. Mandiant also observed a decrease in intrusions that remained undiscovered for long periods of time. Only 6 percent of intrusions went undetected for more than a year. In terms of ransomware attacks, dwell times fell from 9 days in 2022 to 5 days last year.

5:54

A threat actor has hijacked the update mechanism of the eScan antivirus to distribute backdoors, and Avast says the campaign has been active since 2018 and primarily targeted large corporate networks. Named GuptiMiner, the threat actor has distributed two different backdoors. The first was used to move laterally across networks, while the second was used to scan and steal private keys and crypto wallet information. Avast says it found connections between GuptiMiner's malware and the Kimsuky North Korean APT.

6:26

Citizen Lab researchers have identified vulnerabilities in 8 out of 9 Chinese keyboard apps. The vulnerabilities allow threat actors to intercept keystrokes in real time. Researchers estimate that up to 1 billion users have the apps installed and are vulnerable. Vendors with vulnerable keyboard apps include Baidu, Tencent and Xiaomi.

6:45

Police chiefs from European countries have called on governments and industry groups to stop tech companies from deploying end-to-end encryption. Police officials say the increasing use of E2EE blinds them to malicious activities on platforms such as social media sites. 32 police chiefs have signed the joint declaration. The statement comes as Meta is rolling out end-to-end encryption for its messenger apps.
