At a glance.
- Mexico makes first arrest in Pegasus inquiry.
- Mercenaries and the spyware market.
- Ransomware attack leads to data dump.
Mexican businessman arrested for using Pegasus surveillance software.
In the first Mexican arrest connected to the Pegasus spyware scandal, Security Week reports that Mexican prosecutors have apprehended a businessman suspected of using NSO Group’s controversial surveillance software to spy on a journalist. The attorney general’s office states that the suspect tapped into the unnamed target’s device with the aim of “limiting and undermining her freedom of expression.” As AP News notes, out of more than 50,000 phone numbers allegedly targeted by NSO clients for surveillance, 15,000 were linked to Mexican phones, the greatest number from any individual country, and of those, twenty-five were linked to journalists. Though prosecutors did not reveal the identity of the suspect, Leopoldo Maldonado of the press freedom group Article 19 told AP News that he is “a technical employee of a private company that was an intermediary for NSO in Mexico, and benefitted from illegal spying on public figures.”
Inside the mercenary world of hacking-for-hire.
Forbes offers an in-depth look at the lucrative hacker-for-hire industry. On the dark web, cybercriminals are willing to sell a selected target’s online data to any buyer who is willing to pay, be it a nation state or a prying spouse. Netherlands-based cybersecurity researcher Feike Hacquebord spent months investigating the activities of Russian-speaking cybergang RocketHack, responsible for breaking into the digital accounts of 3,500 individuals ranging from journalists to politicians to IVF doctors, and selling private data like call record logs, airline data, and financial account info. The crew’s primary tactic is a phishing scam, luring victims to fake email login pages almost identical to the real thing, but evidence indicates RocketHack might have even more treacherous methods that don’t rely on duping their targets. While RocketHack’s client list is unconfirmed, targets include presidential candidates, human rights activists, journalists, and government officials across the EU, and business is booming.
City government ransomware attack leads to data dump.
The City of Bridgeport, located in the US state of West Virginia, was hit with a ransomware attack last May that exposed resident data including Social Security numbers, driver’s license numbers, and street addresses. Now, as Emsisoft threat analyst Brett Callow informed WBOY.com, the data has resurfaced on a hacker’s website, offered up for download. City officials, who were apparently unaware of the situation until Callow’s discovery, responded, “It appears, based on information provided to us, that the attackers posted information they claim they took on the dark web today. We have not had an opportunity to review this posted information but will be doing so.” An investigation is ongoing.