FireEye continues to chew on APT41, also known as Double Dragon, the Chinese state-sponsored operators who moonlight as crooks (or vice versa). In a report issued yesterday, the researchers describe the group's MESSAGETAP malware, found running on servers inside a telecommunications provider's network. The tool monitors SMS traffic passing through those servers and retains only messages that match selectors the operators supply: specific phone numbers, specific IMSIs, and a list of keywords. MESSAGETAP has been deployed in a Chinese government espionage campaign against high-value or high-payoff targets, including dissidents, journalists, and selected foreign officials. FireEye calls the approach a combination of "upstream data and targeted surveillance": collect at the carrier, then filter down to the people of interest.
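The selector logic described above, reconstructed as an added example for this page (it is not FireEye's code and not the malware's; the record layout, the selector values and the sample messages are all constructed for the demonstration):

```python
"""Selector-based SMS filtering of the kind FireEye describes for MESSAGETAP.

A record is kept when its sender or recipient number, its subscriber IMSI,
or its message body matches one of the operator-supplied lists.  Everything
here (field names, numbers, IMSIs, keywords, messages) is made up for the
example; nothing is taken from the report.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class SmsRecord:
    sender: str      # MSISDN of the originating subscriber (constructed)
    recipient: str   # MSISDN of the destination subscriber (constructed)
    imsi: str        # IMSI the record was logged under (constructed)
    body: str


# Hypothetical selector lists standing in for whatever the operators load.
TARGET_NUMBERS = {"+15550100", "+15550199"}
TARGET_IMSIS = {"310150123456789"}
KEYWORDS = ("protest", "journalist")


def matches(rec):
    """Return the set of selector types a record hits; empty means ignore."""
    hits = set()
    if rec.sender in TARGET_NUMBERS or rec.recipient in TARGET_NUMBERS:
        hits.add("number")
    if rec.imsi in TARGET_IMSIS:
        hits.add("imsi")
    lowered = rec.body.lower()          # keyword match is case-insensitive here
    if any(k in lowered for k in KEYWORDS):
        hits.add("keyword")
    return hits


def collect(records):
    """Keep only the records that hit at least one selector, with the reason."""
    kept = []
    for rec in records:
        why = matches(rec)
        if why:
            kept.append((rec, why))
    return kept


# Constructed sample traffic: one number hit, one IMSI hit, one keyword hit,
# one message that matches nothing and should be dropped.
SAMPLE = [
    SmsRecord("+15550100", "+15550150", "310150999999999", "lunch at noon?"),
    SmsRecord("+15550160", "+15550170", "310150123456789", "ok"),
    SmsRecord("+15550180", "+15550190", "310150888888888",
              "meeting the Journalist tomorrow"),
    SmsRecord("+15550160", "+15550170", "310150777777777", "nothing of interest"),
]


if __name__ == "__main__":
    for rec, why in collect(SAMPLE):
        print(sorted(why), rec.sender, "->", rec.recipient, repr(rec.body))
```

The point for defenders is that the filter is cheap and runs on plaintext: SMS transits the carrier unencrypted, so anything that can see the message stream on a core network host can apply exactly this kind of selection, and the only host-side signs are a process reading traffic it has no business reading and selector files it has no business holding.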
The attention NSO Group's Pegasus tool has attracted from WhatsApp and Citizen Lab has brought additional surveillance activity to light. Reuters reports that Pegasus has been used against government officials in several countries. The Israeli government denies any involvement.
Roskomnadzor, Russia's Internet regulator, today began installing the equipment needed to cut the Russian segment of the Internet off from the global network, should the government decide it needs to do that. The plans for a "sovereign" Russian Internet have been in place for some time. What disconnection would mean in practice remains to be seen, as SC Magazine points out.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) yesterday released details of the North Korean Trojan "Hoplight" (note: not "Hoplite"), which opens a backdoor on affected machines.
Upstream Systems warns that the Android keyboard app ai.type has been quietly making unauthorized purchases of premium digital content on users' behalf, racking up a cool $18 million in fraudulent charges.
Trend Micro notes a rising wave of criminal cyberattacks on e-sports.