French and Israeli diplomats may have agreed (as the Wire reports) that NSO Group's Pegasus intercept tool will no longer target French phone numbers, but Pegasus remains controversially active elsewhere. The University of Toronto's Citizen Lab has found that a device belonging to New York Times' Beirut Bureau chief Ben Hubbard was twice infected with Pegasus. The infections occurred after Hubbard complained to NSO Group that Saudi Pegasus operators had targeted him in June 2018, while he reported on Saudi Crown Prince Mohammed bin Salman. The subsequent infections occurred in July 2020 and June 2021. Responsibility for the last two incidents is unknown. Hubbard argues that such anti-terrorism tools are too easily abused.
eSentire reports a marked upswing in SolarMarker infestations. Whereas the information stealer had hitherto relied upon Blogspot, Google Sites, and content delivery networks to host malicious files, the campaigns using SolarMarker have recently begun making increased use of compromised WordPress sites.
Microsoft has identified extensive new activities by Russia’s SVR foreign intelligence service, which the company tracks as Nobelium and others know as Cozy Bear. The current operations, which Microsoft describes as “very large,” and “ongoing,” show no signs of abating. (NSA cyber director Joyce tweeted a link with approval, and advice.)
A study of ransomware released this morning by Digital Shadows concludes that the exclusion of ransomware discussions from cybercriminal fora has had little effect on the gangs' operations. A number of forum operators had banned such discussions to avoid unwanted attention from law enforcement organizations.