HYAS Examines Predator Mercenary Mobile Spyware
HYAS Research Labs has been following research by Canada’s own Citizen Lab and Sekoia on the mercenary spyware “Predator”, made by Cytrox, which was discovered to be targeting an Egyptian former MP (link is to AP story, and is also linked below) who announced a potential run for the presidency.
HYAS security engineer David Brundson investigated the IOCs mentioned in both reports using HYAS Insight and found details that could lead toward threat actor attribution, which he publishes in “Examining Predator Mercenary Spyware”.
The HYAS blog recaps the threat actor’s attack, delves into strategy and, through HYAS Insight, identifies their likely location.
Brundson also offers HYAS Recommendations: Individuals concerned about possibly being the target of mercenary spyware should reboot their phones daily, as thus far, it hasn’t been reported that Predator has persistence after reboot. Organizations should strongly consider protective DNS, such as HYAS Protect, which was today named for an InfoSec Innovator Award.
HYAS Blog – Examining Predator Mercenary Spyware: https://www.hyas.com/blog/examining-predator-mercenary-spyware
This entry was posted on October 26, 2023 at 1:30 pm and is filed under Commentary with tags HYAS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.