Tag Archives: pre-positioning malware

The Silent Spying Device in Your Pocket: Who is Afraid of Pegasus?

NSO Group, the Israeli company behind Pegasus spyware, says a group of investors led by Hollywood producer Robert Simonds has acquired a controlling stake in the firm, which has named a former Trump official to lead an effort to restore its battered reputation. The company, which has faced lawsuits and U.S. government sanctions since revelations that its technology was used to spy on political dissidents, human-rights advocates, journalists and American officials, declined to disclose the purchase price.

NSO’s new executive chairman, David Friedman, a former U.S. ambassador to Israel and onetime bankruptcy lawyer for President Trump, said he wants to use his ties to the Trump administration to help rebuild the company’s spyware business in the U.S…NSO’s flagship product, Pegasus, has used WhatsApp to infiltrate phones without the target having to do or tap on anything. The spyware has also been sent to phones via links in messages, according to security researchers. Pegasus can turn a smartphone into a silent spying device by gaining access to its files, messages, microphone and camera, they say.

In 2021, the Biden administration placed NSO on an export-prohibition list that restricted the firm from obtaining some types of technology from the U.S. In 2023, President Biden signed an executive order banning government agencies and departments from using commercial spyware that “poses risks to national security or has been misused by foreign actors to enable human rights abuses around the world.” Unless Biden’s executive order is rescinded, it is unlikely U.S. government agencies would do business with NSO.

Intelligence agencies such as the U.S. National Security Agency and the U.K.’s Government Communications Headquarters routinely use hacking tools. NSO often sells such cyber capabilities to countries that don’t have their own. Friedman said his pitch to the U.S. government is that NSO’s products will make America safer. NSO says its products can be used by government agencies to fight terrorism and crime by allowing them access to encrypted messaging systems such as WhatsApp….

In 2019, WhatsApp’s parent company, now called Meta, sued NSO over what it alleged was a breach of its servers to install NSO’s malware on target devices. In July 2025, the six-year trial came to an end, with a federal jury in California ordering NSO to pay Meta $168 million in damages. In October 2025, the U.S. District Court for the Northern District of California reduced the fine NSO was ordered to pay Meta down to $4 million. But in the same ruling, the judge ordered NSO to stop targeting WhatsApp, in a move that the company said during its defense could put it out of business. NSO is appealing the decision against targeting WhatsApp, and is filing for a stay.

Excerpt from Dov Lieber, Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation, WSJ, Nov. 9, 2025

How to Create Panic? China’s Typhoons

Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in 2024 in pursuit of sensitive information…The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack…Investigators are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, according to people familiar with the matter. Microsoft is investigating the intrusion and what sensitive information may have been accessed, people familiar with the matter said.

China has made a practice of gaining access to internet-service providers around the world. But if hackers gained access to service providers’ core routers, it would leave them in a powerful position to steal information, redirect internet traffic, install malicious software or pivot to new attacks.

In September 2024, U.S. officials said they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January 2024, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure. “The cyber threat posed by the Chinese government is massive,” said Christopher Wray, the Federal Bureau of Investigation’s director, speaking earlier this year at a security conference in Germany. “China’s hacking program is larger than that of every other major nation, combined.”

U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water-treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China’s actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.’s ability to mobilize support for Taiwan in the event that Chinese leader Xi Jinping orders his military to invade the island….

Excerpts from Sarah Krouse et al., China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack, WSJ, Sept. 26, 2024

Sinophobia or Rational Paranoia: the Cranes

The Biden administration plans to invest billions in 2024 in the domestic manufacturing of cargo cranes, seeking to counter fears that the prevalent use of China-built cranes with advanced software at many U.S. ports poses a potential national-security risk. The move is part of a set of actions taken by the administration that is intended to improve maritime cybersecurity….Administration officials said more than $20 billion would be invested in port security, including domestic cargo-crane production, over the next five years. The money, tapped from the $1 trillion bipartisan infrastructure bill passed in 2021, would support a U.S. subsidiary of Mitsui, a Japanese company, to produce the cranes, which officials said would be the first time in 30 years that they would be built domestically.

Cranes at some ports used by the U.S. military were flagged as surveillance threats. Officials also raised the concern that the software on the cranes could be manipulated by China to impede American shipping or, worse, temporarily disrupt the operation of the crane. “By design these cranes may be controlled, serviced and programmed from remote locations,” said Rear Adm. John Vann, who leads the Coast Guard cyber command, during a press briefing….

The U.S. military has been concerned about the cranes for years and has made efforts to skirt ports with the China-made cranes as best as possible, according to the senior U.S. military commander who oversees the military’s logistics operations. The Chinese can track the origin, destination and other data of the U.S. military’s containerized materiel to determine exactly where the military is shipping it. Cranes made by China-based ZPMC contain sensors that can register and track the origin and destination of containers…

China’s military doctrine gives priority to targeting “systems that move enemy troops,” including harbors and airports, Craig Singleton, a senior fellow at the Foundation for Defense of Democracies, a Washington think tank, said during congressional testimony in February 2023…“Increasingly, the Chinese are not merely seeking access to our networks; they are pre-emptively positioning to compromise and control them,” Singleton said in his testimony. “As a result, China is poised to impede the mobilization of American military forces, foment a state of disarray, and redirect national attention and resources in both war and short-of-war scenarios.”

Excerpts from Dustin Volz, U.S. to Invest Billions to Replace China-Made Cranes at Nation’s Ports, WSJ, Feb. 21, 2024

The Under-Our-Noses Nasty Wars

Christopher Wray warned in February 2024 that Beijing’s efforts to covertly plant offensive malware inside U.S. critical infrastructure networks are now at “a scale greater than we’d seen before,” an issue he has deemed a defining national security threat. Citing Volt Typhoon, the name given to the Chinese hacking network that was revealed in 2023 to be lying dormant inside U.S. critical infrastructure, Wray said Beijing-backed actors were pre-positioning malware that could be triggered at any moment to disrupt U.S. critical infrastructure. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, planting malware inside U.S. computer systems responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a conflict.

The Netherlands’ spy agencies said in February 2024 that Chinese hackers had used malware to gain access to a Dutch military network in 2023. The agency, considered to have one of Europe’s top cyber capabilities, said it made the rare disclosure to show the scale of the threat and reduce the stigma of being targeted so allied governments can better pool knowledge.

A report released in February 2024 by agencies including the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency said Volt Typhoon hackers had maintained access in some U.S. networks for five or more years, and while it targeted only U.S. infrastructure directly, the infiltration was likely to have affected “Five Eyes” allies…

Excerpts from Joe Parkinson, FBI Director Says China Cyberattacks on U.S. Infrastructure Now at Unprecedented Scale, WSJ, Feb. 19, 2024