The controversy over the proliferation and use of NSO Group's Pegasus intercept tool continues. The Washington Post, one of the organizations participating in the Pegasus Project, writes that among the devices compromised with the tool were phones belonging to "journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi." NSO Group has consistently said that its product is designed for, and sold to, government law enforcement and security organizations for legitimate purposes, and that the list of 50,000 phone numbers Forbidden Stories and Amnesty International obtained has nothing to do with NSO. “I'll give you a simple statement: Journalists, human rights activists, and civil organizations are all off-limits,” NSO Group CEO Shalev Hulio told CTECH. Investigations into the use of Pegasus are now underway in France and Israel, and may soon begin in India, Mexico, and Hungary.
Saudi Aramco yesterday said, the AP reports, that the data loss incident it sustained has indeed become an extortion attempt. Attackers who obtained company files (apparently through a third-party contractor) are demanding $50 million in exchange for promises to delete the data. If they're not paid, they intend to leak the stolen files.
Avanan researchers have found the popular Milanote collaboration and note-taking app being used to host and distribute phishing messages with malicious links.
ANSSI, France's national cybersecurity agency, has warned that APT31 (also known as Zirconium and Judgment Panda, a Chinese industrial espionage group), is hijacking home routers to lend resilience to its attack infrastructure.