At a glance.
- China's GREF deploys tools used against Uyghurs in broader espionage.
- Cyberespionage campaign by Earth Estries.
- Five Eyes call out GRU cyberespionage campaign.
- Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter.
- Spring-Kafka zero-day discovered.
- University of Michigan overcomes cyberattack that delayed the academic year.
China's GREF deploys tools used against Uyghurs in broader espionage.
ESET says the China-linked threat actor “GREF” is distributing the BadBazaar Android malware via Trojanized versions of Telegram and Signal in the Google Play store and the Samsung Galaxy Store. Both stores have since removed the malicious apps. ESET notes that BadBazaar has been used in the past to target Uyghurs and other Turkic ethnic minorities. In this case, the malicious Telegram app, called “FlyGram,” was shared in a Uyghur Telegram group.
The researchers add that the malicious Signal app, called “Signal Plus Messenger,” “represents the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to the attacker’s Signal device.”