InfoSec Round-Up July 23th

Spyware Response, Aramco Hack & Microsoft Attack

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Pegasus Spyware Response

NSO Group, the organisation behind the controversial surveillance software ‘Pegasus’, has responding to criticism stating that its customers should be the focus of ire and not them.

The software, which was reportedly used to spy on upwards of 50,000 targets, has garnered a significant amount of media attention over the last week, largely relating to its role in monitoring public figures, including journalists, government officials and various international dissidents.

With a list of these targets being leaked, Israeli technology company NSO group has defended itself and its ethics, likening the situation to “criticising a car manufacturer when a drunk driver crashes.”

Additionally, stating that the software is intended for use against criminals and terrorists, and made available only to military, law enforcement, and intelligence agencies from countries with good human-rights records, the software is believed to been used against murdered journalist Jamal Khashoggi.

A spokesperson for the company has stated, “We are sending the system to governments, we get all the correct accreditation and do it all legally… if a customer decides to misuse the system, he will not be a customer anymore. But all the allegations and all the finger-pointing should be at the customer.”

Saudi Aramco Hacked

Saudi Aramco, one of the world’s largest petroleum companies, has confirmed data from one of its contractors has been stolen and is being used in an attempt to extort $50 million from the company.

Believed to be around 1TB of proprietary data, the group behind the attack, ZeroX, claims to have stolen the data by hacking Aramco’s networks sometime back in 2020, with data being posted on the darknet in June of this year.

Reportedly including employee data, client lists, contracts, and network information, the incident has been wrongly labelled by some as a ransomware attack, with the company iterating in public statements that the affected data was held by third-party contractors.

Coming soon after the attack against US fuel company Colonial Pipeline, Aramco is no stranger to cyber-attacks, having had around 35,000 computers wiped by the Shamoon virus back in 2012.

A spokesperson for the company has stated, “[We] recently became aware of the indirect release of a limited amount of company data.” Adding, “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture”.

China Responsible for Microsoft Attack

The UK, US and EU have named China as being responsible for a major cyber attack against Microsoft Exchange servers, in which at least 30,000 organisations have been affected.

Beginning in January, the attack exploited a vulnerability in the Microsoft systems, inserting backdoors by which large amounts of personal information and intellectual property was stolen from, amongst others, defence contractors, think tanks and universities.

According to a BBC report, Western security services believe this attack signals a shift in espionage tactics and raises concerns over escalating Chinese cyber-behaviour, with the Chinese Communist Party being labelled “reckless” by the UK Foreign Office.

Despite denials from the Chinese government, Antony Blinken, the US secretary of state accused China of a “pattern of irresponsible, disruptive and destabilizing behaviour in cyberspace, which poses a major threat to economic and national security”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.