LianSpy: new Android spyware targeting Russian users


In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky's analysis indicates that the malware has been active since July 2021.

LianSpy is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The threat actor behind it employs multiple evasion tactics, such as using a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ many other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.

Source: Kaspersky

