The US Congress Was Targeted With Predator Spyware

The media consortium, along with security researchers from Amnesty International and Google’s Threat Analysis Group, were able to show Vietnam’s connection to the Predator hacking campaign through documents they obtained that detail the Vietnamese government’s contract with Intellexa in 2020, and later an extension of the deal to allow the use of the Predator software. The internal documents went so far as to capture the response of Intellexa’s founder, Israeli former military hacker turned entrepreneur Tal Dilian, when the deal was announced: “Wooow!!!!” Vietnam’s government would later target French officials with Predator before this year’s campaign targeting US congressmen.

Despite efforts by Israel and other nations to cut off funding to Hamas in recent years, the group raised millions of dollars worth of cryptocurrency before the past weekend’s attack that killed more than a thousand Israelis. An analysis by The Wall Street Journal found that Hamas, Palestinian Islamic Jihad, and Hezbollah had collectively raised hundreds of millions in crypto over the past several years, with $41 million going to Hamas specifically. Given that the Journal learned of that funding in part through Israeli seizures of crypto accounts, however, it’s not clear how much of that money was frozen or seized versus how much might have actually been successfully laundered or liquidated by Hamas and other groups. 

In response to the weekend’s attacks, the Israeli government and the world’s largest crypto exchange, Binance, both announced that a new round of Hamas crypto accounts had been frozen. Though crypto has helped Hamas and other groups move funds across borders, its traceability on blockchains has presented a challenge for designated terrorist groups. In 2021, for instance, Hamas asked its supporters to stop making donations via cryptocurrency, due to the ease of tracking those transactions and unmasking contributors.

Last year, Reuters reporters Chris Bing and Raphael Satter published an investigation into Aviram Azari, an Israeli private investigator who is accused of using mercenary hackers to gather intelligence on the critics of major corporations involved in lawsuits against them. 

Now, prosecutors in the Southern District of New York, where Azari has been convicted on criminal charges, have filed a sentencing memo that notes that activists’ communications stolen by Azari’s hackers were later used by Exxon in the company’s attempts to head off investigations and lawsuits by state attorneys general. The memo still doesn’t name Exxon as Azari’s client, but it implicitly suggests a link between the company and Azari: Prosecutors point in their memo to leaks of climate activists’ private emails to media, which were later cited by Exxon in their responses to state attorney generals as evidence of underhanded tactics by activists as they tried to prove that Exxon knew and covered up the role of fossil fuels in climate change. A Massachusetts lawsuit against Exxon that resulted from the state’s investigation is ongoing.

Internet giant Akamai warned this week that the infamous Magecart hacker crew, long focused on credit card fraud, has developed a clever new technique for spoofing credit card payment fields. The hackers managed to hide their malicious scripts in the 404 “page not found” error pages of ecommerce sites, then trigger those pages to load a spoofed payment field that impersonates a checkout page to steal credit card information. “The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion,” warned Akamai researcher Roman Lvovsky. Akamai noted that the technique was used on the website of significant brands in the food and retail industries but declined to name them.