The cyber intrusion group that targeted the president's campaign operation during 2024 has asserted possession of approximately 100 gigabytes worth of electronic correspondence that could potentially be disclosed, according to Reuters' Monday reporting. Operating under the alias "Robert," these digital attackers have declined to reveal specifics regarding the correspondence contents or provide timelines for any potential publication, the news organization reported.

This latest intimidation emerges during heightened US-Iran tensions following Trump's authorization of American military strikes against the country's nuclear installations in June. Trump had declared the attacks resulted in "total obliteration" of the facilities, though the United Nations nuclear monitoring agency chief stated Sunday that the assaults failed to eliminate Tehran's nuclear capabilities, noting the country could resume uranium enrichment "in a matter of months."

Newsweek confirmed that this same collective had previously distributed certain electronic messages during the period leading up to the US presidential election last year. Through digital conversations with Reuters, the group indicated they had also acquired electronic communications from accounts belonging to Trump legal representative Lindsey Halligan and adult entertainment performer Stormy Daniels, who reportedly received $130,000 for executing a confidentiality agreement concerning an alleged relationship with Trump.

The US Cybersecurity and Infrastructure Security Agency (CISA) declared late Monday that a "hostile foreign adversary is threatening to illegally exploit purportedly stolen and unverified material in an effort to distract, discredit, and divide." The White House and Iran's United Nations mission have been contacted by Newsweek via electronic correspondence for their responses.

This revelation underscores Washington's continued struggles with international interference directed at the executive branch. During September proceedings, the US Justice Department under the Biden administration formally charged three Islamic Revolutionary Guards Corps members with orchestrating a data breach that failed to influence the presidential contest. The cyber collective remained silent regarding these accusations, while Tehran has consistently rejected any involvement in digital espionage activities.

CISA representative Marci McCarthy characterized the digital intrusion as a "calculated smear campaign" designed to harm the president. FBI Director Kash Patel issued a warning through Reuters, stating: "Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law."

Reuters verified portions of material from the earlier disclosure, which surfaced before the presidential election. The documentation, containing electronic messages from various accounts including Wiles', was distributed to media professionals. One electronic communication reportedly outlined financial arrangements between Trump and legal counsel representing Robert F. Kennedy Jr., Trump's nominee for health secretary. Additional correspondence addressed settlement discussions with Daniels, according to the news organization.

Reuters reported that the cyber attackers claimed they had no plans to release material after Trump's election to his second White House term. However, their position shifted following Trump's intervention in the intensifying Iran-Israel conflict after 12 days of armed confrontations. The group told Reuters they wanted the news agency to "broadcast this matter."

The post Did Iran manage to hack sensitive Trump emails? appeared first on www.israelhayom.com.

Microsoft issued a warning about Iranian government-linked hacking groups attempting to breach accounts of U.S. presidential campaign officials, county government employees, and websites through cyber attacks and influence operations.

These groups have created fake news sites, impersonated activists, circulated disinformation, and conducted influence operations targeting both left-leaning and conservative U.S. voters, sowing discord ahead of the 2024 election, similar to Russian interference in 2016.

The Trump campaign has accused Iran of hacking internal communications.

Microsoft has specifically named the Iranian hacking groups APT35 (Charming Kitten/Mint Sandstorm) as being behind these activities.

Sources: BBC, Newsweek, Independent, Washington Post, AP News, Axios, Politico, USA Today, NPR, Barron's, Yahoo News, TJV News, Indian Express, Breitbart, Times of India, Jerusalem Post, Devdiscourse, Nextgov.

This article was written in collaboration with Generative AI news company Alchemiq.

The post Microsoft says Iranian hacking groups target U.S. presidential campaigns appeared first on www.israelhayom.com.

Poland's most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents.

Follow Israel Hayom on Facebook, Twitter, and Instagram

Jaroslaw Kaczynski, the leader of Poland's ruling conservative party, Law and Justice, said in an interview that the software, Pegasus, is now being used by secret services in many countries to combat crime and corruption. He noted that Pegasus represents a technological advancement over earlier monitoring systems, which did not allow the services to monitor encrypted messages.

"It would be bad if the Polish services did not have this type of tool," Kaczynski said in an interview to be published in the Monday edition of the weekly Sieci, excerpts of which were published Friday by the wPolityce.pl news portal.

The interview follows exclusive reports by The Associated Press that Citizen Lab, a cyber watchdog group at the University of Toronto, found that three Polish government critics were hacked with NSO's Pegasus spyware.

On Thursday, Amnesty International independently verified the finding by Citizen Lab that Sen. Krzysztof Brejza had been hacked multiple times in 2019 when he was running the opposition's parliamentary election campaign. Text messages stolen from Brejza's phone were doctored and aired by state-controlled TV as part of a smear campaign in the heat of the race, which the populist ruling party went on to narrowly win.

Brejza now maintains that the election was not fair since the ruling party would have had access to his campaign's tactical thinking and plans.

The revelations have rocked Poland, drawing comparisons to the 1970s Watergate scandal in the United States and eliciting calls for an investigative commission in parliament.

Kaczynski said he sees no reason to set up such a commission, and he denied that the surveillance played any role in the outcome of the 2019 elections.

"There is nothing here, no fact, except the hysteria of the opposition. There is no Pegasus case, no surveillance," Kaczynski said. "No Pegasus, no services, no secretly obtained information played any role in the 2019 election campaign. They lost because they lost. They shouldn't look for such excuses today."

The other two Polish targets confirmed by Citizen Lab were Roman Giertych, a lawyer who represents opposition politicians in a number of politically sensitive cases, and Ewa Wrzosek, an independent-minded prosecutor.

Kaczynski's allies had previously denied that Poland purchased and used Pegasus.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

Polish Prime Minister Mateusz Morawiecki called the Citizen Lab-AP findings "fake news" and suggested a foreign intelligence service could have done the spying – an idea dismissed by critics who said no other government would have any interest in the three Polish targets.

Deputy Defense Minister Wojciech Skurkiewicz in late December said "the Pegasus system is not in the possession of the Polish services. It is not used to track or surveil anyone in our country."

Media reports say Poland purchased Pegasus in 2017, using money from the so-called Justice Fund, which is meant to help the victims of crimes and rehabilitate criminals. According to investigations by the TVN broadcaster and Gazeta Wyborcza daily, it is used by the Central Anti-Corruption Bureau, a special service created to combat corruption in public life that is under the political control of the ruling party.

"The public money was spent on an important public purpose, related to the fight against crime and the protection of citizens," Kaczynski said.

Dozens of high-profile cases of Pegasus abuse have been uncovered since 2015, many by a global media consortium last year, with the NSO Group malware employed to eavesdrop on journalists, politicians, diplomats, lawyers and human rights activists from the Middle East to Mexico.

The Polish hacks are considered particularly egregious because they occurred not in a repressive autocracy but in a European Union member state.

The post Polish leader denies NSO Group's spyware used to hack political opponents appeared first on www.israelhayom.com.

Israeli cybersecurity firm Sygnia has released a report exposing the activities of a global financial theft operation it has named Elephant Beetle, the company announced Wednesday.

Follow Israel Hayom on Facebook, Twitter, and Instagram

Sygnia's Incident Response (IR) team has spent two years tracking the Elephant Beetle threat group.

The report explains that Elephant Beetle targets legacy Java applications running on Linux-based machines as an initial means of entry. Then, over several months, uses over 80 unique tools and scripts to discreetly expand its foothold and study the internal financial systems of the compromised organization.

In a third phase, Elephant Beetle inputs fraudulent transactions that it hides among the organization's ongoing activity, stealing as much as millions of dollars over time.

Because relatively small amounts are stolen in each instance, the threat group has been able to operate virtually undetected.

The relatively small amounts of money stolen in each incremental instance allows the threat group to avert suspicion and operate virtually undetected, focused mainly in the Latin American market.

Sygnia warns that Elephant Beetle could expand its attacks to organizations worldwide. The company's experts have already identified a breach in the Latin American operations of a US-based company.

"Elephant Beetle is a significant threat due to its highly-organized nature and the stealthy pattern with which it intelligently learns victims' internal financial systems and operations," says Arie Zilberstein, VP of Incident Response at Sygnia.

"Even after initial detection, our experts have found that 'Elephant Beetle' is able to lay low, but remain deeply embedded in a compromised organization's infrastructures, enabling it to reactivate and continue stealing funds at any moment. Particularly in the wake of widespread vulnerabilities like Log4j that are dominating the industry conversation, organizations need to be apprised of this latest threat group and ensure their systems are prepared to prevent an attack," Zilberstein warns.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Israeli cybersecurity firm Sygnia exposes global financial theft operation appeared first on www.israelhayom.com.

Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry.

Follow Israel Hayom on Facebook and Twitter

One piece of malware recently found on an iPhone belonging to Ayman Nour, a dissident and 2005 Egyptian presidential candidate who subsequently spent three years in jail, originated with the increasingly embattled NSO Group of Israel. That company was recently blacklisted by Washington. The other was from a company called Cytrox, which also has Israeli ties. This was the first documentation of a hack by Cytrox, a little-known NSO Group rival.

The spyware was uncovered by digital sleuths at the University of Toronto's Citizen Lab, who said two different governments hired the competing mercenaries to hack Nour's phone. Both instances of malware were simultaneously active on the phone, investigators said after examining its logs. The researchers said they traced the Cytrox hack to Egypt but didn't know who was behind the NSO Group infection.

The researchers said in a report that the intrusions highlight how "hacking civil society transcends any specific mercenary spyware company."

In detailing the Cytrox infection, the researchers said they found the phone of a second Egyptian exile, who asked not to be identified, also hacked with Cytrox's Predator malware. But the bigger discovery, in a joint probe with Facebook, was that Cytrox has customers in countries beyond Egypt including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Facebook's owner, Meta, announced on Thursday a flurry of takedowns of accounts affiliated with seven surveillance-for-hire firms – including Cytrox – and notified about 50,000 people in more than 100 countries including journalists, dissidents and clergy who may have been targeted by them. It said it deleted about 300 Facebook and Instagram accounts linked to Cytrox, which appears to operate out of North Macedonia.

Cytrox's last known CEO, Ivo Malinkovski, could not be located for comment. He scrubbed his LinkedIn page earlier this month to remove mention of his Cytrox affiliation – though a coffee mug with the company name was in his profile photo. The business intelligence website Crunchbase says Cytrox was founded in a Tel Aviv suburb in 2017.

Citizen Lab researcher Bill Marzak said investigators found the malware on Nour's iPhone after it was "running hot" in June. He said the Cytrox malware appears to pull the same tricks as NSO Group's Pegasus product – in particular, turning a smartphone into an eavesdropping device and siphoning out its vital data. One captured module records all sides of a live conversation, he said.

Nour said in an interview from Turkey that he was not surprised by the discovery, as he's sure he has been under Egyptian surveillance for years. Nour said he suspected Egyptian military intelligence in the Cytrox hack. An Egyptian foreign ministry spokesman did not respond to calls and texts requesting comment.

Cytrox was part of a shadowy alliance of surveillance tech companies known as Intellexa that was formed to compete with NSO Group. Founded in 2019 by a former IDF officer and entrepreneur named Tal Dilian, Intellexa includes companies that have run afoul of authorities in various countries for alleged abuses.

Four executives of one such firm, Nexa Technologies, were charged in France this year for "complicity of torture" in Libya while criminal charges were filed against three company executives for "complicity of torture and enforced disappearance" in Egypt. The company allegedly sold spy tech to Libya in 2007 and to Egypt in 2014.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

On its website, Intellexa describes itself as "EU-based and regulated, with six sites and R&D labs throughout Europe," but lists no address. Its web page is vague about its offerings, although as recently as October it said that in addition to "covert mass collection" it provides systems "to access target devices and networks" via Wi-Fi and wireless networks. Intellexa said its tools are used by law enforcement and intelligence agencies against terrorists and crimes including financial fraud.

The Associated Press left messages for Dilian and also tried to reach Intellexa through a form on its website, but received no response.

In addition to his involvement in Intellexa, Dilian ran afoul of authorities in Cyprus in 2019 after showing off a "spy van" there to a Forbes reporter. His company was reportedly fined $1 million as result. He also founded and later sold to NSO Group a company called Circle Technologies, which geolocated cellphones.

The hacker-for-hire industry is facing increased scrutiny as well as regulatory and legal pressure. That includes a call by a group of US lawmakers this week to sanction NSO Group, Nexa and their top executives.

The Biden administration last month added NSO Group and another Israeli firm, Candiru, to a blacklist that bars US companies from providing them with technology. And Apple announced last month that it was suing NSO Group, with the tech giant calling the company's employees "amoral 21st century mercenaries." Facebook sued NSO Group in 2019 for allegedly violating its WhatsApp messenger app.

Earlier this month, the Defense Ministry said it was tightening oversight over cybersecurity exports to prevent abuse.

Citzen Lab researchers, who have been tracking NSO Group exploits since 2015, are skeptical. If NSO Group were to disappear tomorrow, competitors could step in without missing a beat with off-the-shelf replacement spyware, they say.

The firms targeted by Facebook in the takedowns announced Thursday included four Israeli companies: Cobwebs, Cognyte, Black Cube, and Bluehawk CI, as well India-based BellTroX and an unknown organization in China. They provide a variety of different kinds of surveillance activity, ranging from simple intelligence collection through fake accounts to wholesale intrusion.

Nour urged international action against hacker-for-hire firms, "whether it comes from Israel or anywhere else. In the end, the biggest problem is those who use these digital monsters to eat and kill innocent people." That includes nonviolent activists and journalists including Nour's late friend, Jamal Khashoggi.

The Saudi journalist was slain in 2018 at his country's Istanbul consulate and is also believed to have been targeted by phone-surveillance software.

The post Watchdog group exposes how deep spyware industry runs appeared first on www.israelhayom.com.

US Deputy Treasury Secretary Wally Adeyemo will travel to the Middle East on Friday, a Treasury spokesperson told Reuters, where he will seek to build partnerships on ransomware and cybersecurity as hackers wreak havoc among some of America's more vital industries.

Follow Israel Hayom on Facebook and Twitter

Adeyemo, in the highest-ranking visit of a Treasury official to the region under US President Joe Biden's administration, will also discuss countering terrorist financing and proliferation as well as economic recovery following the coronavirus pandemic in his visits to Israel, Saudi Arabia, the United Arab Emirates and Qatar.

In Israel, Adeyemo will raise how to focus technology to counter ransomware and other cyber-related threats, the spokesperson said.

It was unclear if he would raise Israeli spyware company NSO Group, which the US Commerce Department added to its trade blacklist this month, saying they sold spyware to foreign governments that used the equipment to target government officials, journalists and others.

Biden has made the government's cybersecurity response a top priority following a series of attacks this year that threatened to destabilize US energy and food supplies.

Hackers use ransomware to take down systems that control everything from hospital billing to manufacturing. They stop only after receiving hefty payments, typically in cryptocurrency.

This year, gangs have hit numerous US companies in large-scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the US East Coast. Hackers also targeted an Iowa-based agricultural company, sparking fears of disruptions to grain harvesting in the Midwest.

The US Treasury Department in a sanctions review last month warned that digital currencies and payment systems could reduce the efficacy of US sanctions, allowing the transfer of funds outside the dollar-based financial system.

"The Deputy Secretary's visit comes on the heels of a sanctions review that emphasized multilateral coordination on sanctions, as well as the threats posed by emerging technologies like virtual assets," the spokesperson said.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post US Treasury official departs for Middle East to build cybersecurity partnerships appeared first on www.israelhayom.com.

Microsoft warned on Monday that a group of Iranian or pro-Iranian hackers it has been tracking has been trying to breach numerous Microsoft Office 365 accounts through password-guessing attacks targeting and at times compromising systems of US and Israeli defense technology companies.

Follow Israel Hayom on Facebook and Twitter

In a blog post, Microsoft's Threat Intelligence Center and Digital Security Unit assessed that a new cyber "activity cluster" linked to Iran had targeted hundreds of Microsoft Office 365 accounts beginning in July tied to groups including US and Israeli defense companies, Persian Gulf entry ports, and global maritime transportation companies.

The hackers have been targeting US, EU, and Israeli defense companies that produce "military-grade radars, drone technology, satellite systems and emergency response communication systems," the company wrote, according to PCMag.

Microsoft said the hacking group has been using these "password-spraying" attacks on 250 Office 365 "tenants." These tenants encompass an entire organization's resources, including employee user accounts, under a Microsoft cloud service.

Password-spraying attacks involve learning a user's email address and then attempting numerous passwords over several hours or days to try and break in.

"Less than 20 of the targeted tenants were successfully compromised," Microsoft added.

The company has dubbed the hacking group DEV-0343. Other targets have included Persian Gulf ports of entry and global maritime transportation companies in the Middle East.

"Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle East to enhance their contingency plans," the company said. "Gaining access to commercial satellite imagery and proprietary shipping plans and logs could help Iran compensate for its developing satellite program."

To stop the attacks, Microsoft encouraged its clients to enable multi-factor authentication on their accounts. This requires anyone logging on to type in both the correct password, and provide another mode of authentication, usually a one-time passcode generated over the account owner's smartphone.

The blog post by Microsoft's Threat Intelligence Center and Digital Security Unit was published less than a week after the tech giant released its annual Digital Defense Report, in which the company detailed efforts by Iran to use destructive attacks, mainly against Israel, amid mounting regional tensions.

"This year marked a near quadrupling in the targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries," the report stated.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Microsoft: Iranian hackers targeted Israeli defense companies appeared first on www.israelhayom.com.

Follow Israel Hayom on Facebook and Twitter

Last week, Israel Hayom revealed that the ministry intended to probe the claims circulating about NSO's conduct. The report said that the team entrusted with looking into the reports would include representatives of the Defense Ministry, the National Security Council, the Mossad, and other officials. The team is charged with clarifying whether or not NSO Group operated in accordance with the terms of its defense export permit, which it received from the Defense Ministry's Defense Exports Control Agency (DECA), and whether or not the company's products have been used in ways that violate the terms of the permit.

The decision to launch a probe into the affair was made following the sensation caused by reports in 17 international media outlets, including the Washington Post and the Guardian, which were based on a leaked document that the reports said included 50,000 cellphone numbers that various governments had asked to track using NSO's Pegasus software.

The authors of the expose claimed that in 37 cases that had been checked, Pegasus had been used to crack or try to crack the devices of political officials, elected officials, journalists, and human rights activists. The report also claimed that a few national leaders, including French President Emmanuel Macron, had been targeted for tracking.

Unsurprisingly, the report sparked massive backlash against NSO. France's chief prosecutor announced that he had launched an investigation into the matter after the site Mediapart claimed that two of its reporters had been the targets of Morocco's security services, which had supposedly employed the Pegasus software. Meanwhile, the Indian new site The Wire said that the government had asked to track the cellphone of opposition leader Rahul Gandhi.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Defense Ministry launches investigation into NSO Pegasus affair appeared first on www.israelhayom.com.

The number of cyber incidents reported in Israel grew by 50% over the past year, the Israel National Cyber Directorate warned on Saturday.

Follow Israel Hayom on Facebook and Twitter

In its annual report, the agency said that over 14,000 alerts had been filed in Israel throughout 2020.

Out of those, 9,000 turned out to be cyber incidents – a 50% increase over the previous year.

Social network hacking attacks accounted for the bulk of the incidents, comprising about three out of every five incidents.

Identity theft and phishing attacks – cyberattacks designed to goad a user into revealing sensitive information – accounted equally for about another 14% each.

The rest of the incidents entailed cyber intrusions, malware attacks and identification breaches, the authority said.

The technology, energy and government sectors took the brunt of the attacks, the report said, while also listing a few of the major incidents spotted during this period, such as the hack of the Shirbit insurance company and a cyberattack that targeted Israel's water supply and controls.

This article was first published by i24NEWS.

 Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Cyber 'incidents' in Israel spike 50% since start of COVID pandemic   appeared first on www.israelhayom.com.

A leaker says they are offering information on more than 500 million Facebook Inc users - including phone numbers and other data - virtually for free.

Follow Israel Hayom on Facebook and Twitter

The database appears to be the same set of Facebook-linked telephone numbers that has been circulating in hacker circles since January and whose existence was first reported by tech publication Motherboard, according to Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock.

Reuters was not immediately able to vet the information, which is being offered for a few euros' worth of digital credit on a well-known site for low-level hackers, but Gal said on Saturday that he had verified the authenticity of at least some of the data by comparing it against phone numbers of people he knew. Other journalists say they have also been able to match known phone numbers to the details in the data dump.

In a statement, Facebook said that the data was "very old" and related to an issue that it had fixed in August 2019.

An attempt by Reuters to reach the leaker over the messaging service Telegram was not immediately successful.

Gal told Reuters that Facebook users should be alert to "social engineering attacks" by people who may have obtained their phone numbers or other private data in the coming months.

According to Ido Naor of cybersecurity firm Security Joes, "the phone numbers of 3.9 million Israelis" were included in the leak."

News of the latest leak here was first reported by Business Insider.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Leaker offers private details of 500 million Facebook users appeared first on www.israelhayom.com.