<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>cyberespionage &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/cyberespionage/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 18 Nov 2025 17:14:37 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>AI as Cyberattacker</title>
		<link>https://noise.getoto.net/2025/11/21/ai-as-cyberattacker/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 21 Nov 2025 12:01:36 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71202</guid>

					<description><![CDATA[<p>From <a href="https://www.anthropic.com/news/disrupting-AI-espionage">Anthropic</a>:</p>
<blockquote><p>In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves.</p>
<p>The threat actor—­whom we assess with high confidence was a Chinese state-sponsored group—­manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>First Sentencing in Scheme to Help North Koreans Infiltrate US Companies</title>
		<link>https://noise.getoto.net/2025/08/04/first-sentencing-in-scheme-to-help-north-koreans-infiltrate-us-companies/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 04 Aug 2025 11:01:27 +0000</pubDate>
				<category><![CDATA[courts]]></category>
		<category><![CDATA[crime]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[law enforcement]]></category>
		<category><![CDATA[north korea]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70539</guid>

					<description><![CDATA[<p>An Arizona woman was <a href="https://www.justice.gov/opa/pr/arizona-woman-sentenced-17m-information-technology-worker-fraud-scheme-generated-revenue">sentenced</a> to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers.</p>
<p>From an <a href="https://www.bleepingcomputer.com/news/security/us-woman-sentenced-to-8-years-in-prison-for-running-laptop-farm-helping-north-koreans-infiltrate-300-firms/">article</a>:</p>
<blockquote><p>According to <a href="https://www.justice.gov/usao-dc/media/1352191/dl">court documents</a>, Chapman hosted the North Korean IT workers’ computers in her own home between October 2020 and October 2023, creating a so-called “laptop farm” which was used to make it appear as though the devices were located in the United States.</p>
<p>The North Koreans were hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Silk Typhoon Hackers Indicted</title>
		<link>https://noise.getoto.net/2025/03/11/silk-typhoon-hackers-indicted/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 11 Mar 2025 17:14:28 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[law enforcement]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69990</guid>

					<description><![CDATA[<p>Lots of interesting details in <a href="https://www.wired.com/story/us-charges-12-alleged-spies-in-chinas-freewheeling-hacker-for-hire-ecosystem/">the story</a>:</p>
<blockquote><p>The US Department of Justice on Wednesday <a href="https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global">announced</a> the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.</p>
<p>[…]</p>
<p>According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year. An internal Treasury report ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Apps That Are Spying on Your Location</title>
		<link>https://noise.getoto.net/2025/01/10/apps-that-are-spying-on-your-location/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 10 Jan 2025 16:27:17 +0000</pubDate>
				<category><![CDATA[adware]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[data collection]]></category>
		<category><![CDATA[geolocation]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69778</guid>

					<description><![CDATA[<p>404 Media and Wired are <a href="https://www.wired.com/story/gravy-location-data-app-leak-rtb/">reporting</a> on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics:</p>
<blockquote><p>The thousands of apps, <a href="https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/">included in hacked files</a> from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem­—not code developed by the app creators themselves—­this data collection is likely happening both without users’ and even app developers’ knowledge...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NSO Group Spies on People on Behalf of Governments</title>
		<link>https://noise.getoto.net/2024/11/27/nso-group-spies-on-people-on-behalf-of-governments/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 27 Nov 2024 12:05:16 +0000</pubDate>
				<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[israel]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69623</guid>

					<description><![CDATA[<p>The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve  <a href="https://www.theguardian.com/technology/2024/nov/14/nso-pegasus-spyware-whatsapp">learned</a> that that’s not true: that NSO Group employees operate the spyware on behalf of their customers.</p>
<blockquote><p>Legal documents released in <a href="https://www.theguardian.com/technology/2024/feb/29/pegasus-surveillance-code-whatsapp-meta-lawsuit-nso-group">ongoing US litigation between NSO Group and WhatsApp</a> have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On the CSRB’s Non-Investigation of the SolarWinds Attack</title>
		<link>https://noise.getoto.net/2024/07/08/on-the-csrbs-non-investigation-of-the-solarwinds-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 08 Jul 2024 17:59:33 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[DHS]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69131</guid>

					<description><![CDATA[ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft&#8217;s culpability, even though they were directed by President Biden to do so.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The US Is Banning Kaspersky</title>
		<link>https://noise.getoto.net/2024/06/26/the-us-is-banning-kaspersky/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 26 Jun 2024 11:06:26 +0000</pubDate>
				<category><![CDATA[antivirus]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69100</guid>

					<description><![CDATA[<p><a href="https://www.wired.com/story/us-bans-kaspersky-software/?redirectURL=https%3A%2F%2Fwww.wired.com%2Fstory%2Fus-bans-kaspersky-software%2F">This move</a> has been coming for a long time.</p>
<blockquote><p>The Biden administration on Thursday said it’s <a>banning the company</a> from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—­the first such action under authorities given to the Commerce Department in 2019­—follows <a href="https://www.wired.com/story/wired-awake-140917/">years of warnings</a> from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On the Zero-Day Market</title>
		<link>https://noise.getoto.net/2024/05/24/on-the-zero-day-market/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 24 May 2024 11:07:53 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[zero day]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68950</guid>

					<description><![CDATA[<p>New paper: “<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4626426">Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market</a>“:</p>
<blockquote><p>Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft Is Spying on Users of Its AI Tools</title>
		<link>https://noise.getoto.net/2024/02/20/microsoft-is-spying-on-users-of-its-ai-tools/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 20 Feb 2024 12:02:00 +0000</pubDate>
				<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68456</guid>

					<description><![CDATA[<p>Microsoft announced that it <a href="https://www.washingtonpost.com/technology/2024/02/14/us-adversaries-using-artificial-intelligence-boost-hacking-efforts/">caught</a> Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities.</p>
<p>From their <a href="https://www.microsoft.com/en-us/security/business/security-insider/reports/cyber-signals/cyber-signals-issue-6-navigating-cyberthreats-and-strengthening-defenses/">report</a>:</p>
<blockquote><p>In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.</p></blockquote>
<p>The only way Microsoft or OpenAI would know this would be to spy on chatbot sessions. I’m sure the terms of service—if I bothered to read them—gives them that permission. And of course it’s no surprise that Microsoft and OpenAI (and, presumably, everyone else) are spying on our usage of AI, but this confirms it...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Fake Signal and Telegram Apps in the Google Play Store</title>
		<link>https://noise.getoto.net/2023/09/14/fake-signal-and-telegram-apps-in-the-google-play-store/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 14 Sep 2023 11:05:51 +0000</pubDate>
				<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[signal]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Telegram]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67779</guid>

					<description><![CDATA[<p>Google <a href="https://arstechnica.com/security/2023/08/google-removes-fake-signal-and-telegram-apps-hosted-on-play/">removed</a> fake Signal and Telegram apps from its Play store.</p>
<blockquote><p>An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>China Hacked Japan’s Military Networks</title>
		<link>https://noise.getoto.net/2023/08/14/china-hacked-japans-military-networks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 14 Aug 2023 11:02:28 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[japan]]></category>
		<category><![CDATA[military]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67663</guid>

					<description><![CDATA[<p>The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The <i>Washington Post</i> has the <a href="https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/">story</a>:</p>
<blockquote><p>The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.</p>
<p>[…]</p>
<p>The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo. They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Chinese Hacking of US Critical Infrastructure</title>
		<link>https://noise.getoto.net/2023/05/31/chinese-hacking-of-us-critical-infrastructure/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 31 May 2023 14:53:11 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67405</guid>

					<description><![CDATA[Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure.
Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FBI Disables Russian Malware</title>
		<link>https://noise.getoto.net/2023/05/10/fbi-disables-russian-malware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 10 May 2023 15:25:00 +0000</pubDate>
				<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67333</guid>

					<description><![CDATA[<p>Reuters is <a href="https://www.reuters.com/world/fbi-says-it-has-sabotaged-hacking-tool-created-by-elite-russian-spies-2023-05-09/">reporting</a> that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.”</p>
<p>The headline says that the FBI “sabotaged” the malware, which seems to be wrong.</p>
<p>Presumably we will learn more soon.</p>
<p>EDITED TO ADD: <i>New York Times</i> <a href="https://www.nytimes.com/2023/05/09/us/politics/fbi-russia-malware.html">story</a>.</p>
<p>EDITED TO ADD: Maybe “sabotaged” is the right word. The FBI <a href="https://arstechnica.com/information-technology/2023/05/how-the-fbi-pwned-turla-a-kremlin-jewel-and-one-of-worlds-most-skilled-apts/">hacked the malware</a> so that it disabled itself.</p>
<blockquote><p>Despite the bravado of its developers, Snake is among the most sophisticated pieces of malware ever found, the FBI said. The modular design, custom encryption layers, and high-caliber quality of the code base have made it hard if not impossible for antivirus software to detect. As FBI agents continued to monitor Snake, however, they slowly uncovered some surprising weaknesses. For one, there was a critical cryptographic key with a prime length of just 128 bits, making it vulnerable to factoring attacks that expose the secret key. This weak key was used in Diffie-Hellman key exchanges that allowed each infected machine to have a unique key when communicating with another machine...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Russian Cyberwarfare Documents Leaked</title>
		<link>https://noise.getoto.net/2023/03/31/russian-cyberwarfare-documents-leaked/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 30 Mar 2023 22:00:03 +0000</pubDate>
				<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[cyberwar]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[leaks]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[whistleblowers]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67134</guid>

					<description><![CDATA[<p>Now <a href="https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics">this</a> is interesting:</p>
<blockquote><p>Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.</p>
<p>The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.</p></blockquote>
<p>Lots more at the link...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US Citizen Hacked by Spyware</title>
		<link>https://noise.getoto.net/2023/03/21/us-citizen-hacked-by-spyware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 21 Mar 2023 12:34:27 +0000</pubDate>
				<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[Greece]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Meta]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67088</guid>

					<description><![CDATA[<p>The <i>New York Times</i> is <a href="https://www.nytimes.com/2023/03/20/world/europe/greece-spyware-hacking-meta.html">reporting</a> that a US citizen’s phone was hacked by the Predator spyware.</p>
<blockquote><p>A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.</p>
<p>The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NSA Employee Charged with Espionage</title>
		<link>https://noise.getoto.net/2022/10/04/nsa-employee-charged-with-espionage/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 04 Oct 2022 11:30:29 +0000</pubDate>
				<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[undercover]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65925</guid>

					<description><![CDATA[<p>An ex-NSA employee <a href="https://www.nytimes.com/2022/09/30/us/nsa-espionage-colorado.html">has</a> <a href="https://www.cnn.com/2022/09/29/politics/jareh-sebastian-dalke-nsa-espionage-sell-secrets-charged/index.html">been</a> <a href="https://www.nextgov.com/technology-news/2022/09/nsa-employee-leaked-classified-cyber-intel-charged-espionage/377846/">charged</a> <a href="https://www.cyberscoop.com/nsa-former-employee-espionage/">with</a> trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent).</p>
<p>It’s a weird story, and the FBI <a href="https://www.documentcloud.org/documents/23113211-dalke_affidavit_0">affidavit</a> raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent. It’s not clear how much of this was the employee’s idea, and whether he was goaded by the FBI agent. Still, hooray for not leaking NSA secrets to the Russians. (And, almost ten years after Snowden, do we still have this much trouble vetting people before giving them security clearances?)...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Security Vulnerabilities in Covert CIA Websites</title>
		<link>https://noise.getoto.net/2022/09/30/security-vulnerabilities-in-covert-cia-websites/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 30 Sep 2022 14:19:16 +0000</pubDate>
				<category><![CDATA[cia]]></category>
		<category><![CDATA[Citizen Lab]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[operational security]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65917</guid>

					<description><![CDATA[<p>Back in 2018, we learned that covert system of websites that the CIA used for communications was <a href="https://news.yahoo.com/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html/">compromised by</a>—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re <a href="https://www.reuters.com/investigates/special-report/usa-spies-iran/">now learning</a> that the CIA is still “using an irresponsibly secured system for asset communication.”</p>
<p>Citizen Lab did the <a href="https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/">research</a>:</p>
<blockquote><p>Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive’s Wayback Machine, we identified a network of 885 websites and have high confidence that the United States (US) Central Intelligence Agency (CIA) used these sites for covert communication...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft Issues Report of Russian Cyberattacks against Ukraine</title>
		<link>https://noise.getoto.net/2022/04/28/microsoft-issues-report-of-russian-cyberattacks-against-ukraine/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 28 Apr 2022 14:15:56 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[cyberwar]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Ukraine]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65378</guid>

					<description><![CDATA[<p>Microsoft has a <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd">comprehensive report</a> on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:</p>
<blockquote><p>At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Long Article on NSO Group</title>
		<link>https://noise.getoto.net/2022/04/21/long-article-on-nso-group/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 21 Apr 2022 12:16:35 +0000</pubDate>
				<category><![CDATA[Citizen Lab]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[israel]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65346</guid>

					<description><![CDATA[Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone &#8212; probably Spain &#8212; used the software to spy on domestic Catalonian separatists.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US Critical Infrastructure Companies Will Have to Report When They Are Hacked</title>
		<link>https://noise.getoto.net/2022/03/15/us-critical-infrastructure-companies-will-have-to-report-when-they-are-hacked/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 15 Mar 2022 11:01:18 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[defense]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[laws]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65227</guid>

					<description><![CDATA[<p>This <a href="https://apnews.com/article/russia-ukraine-technology-business-congress-gary-peters-c46e063220568b2beb56220ac60f6041">will be law</a> soon:</p>
<blockquote><p>Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.</p>
<p>[…]</p>
<p>The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 34/326 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 08:56:40 by W3 Total Cache
-->