israel – Noise

AI-Enabled Influence Operation Against Iran

Bruce Schneier — Tue, 07 Oct 2025 11:04:23 +0000

Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel.

Key Findings

A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as “PRISONBREAK,” is spreading narratives inciting Iranian audiences to revolt against the Islamic Republic of Iran.
While the network was created in 2023, almost all of its activity was conducted starting in January 2025, and continues to the present day.
The profiles’ activity appears to have been synchronized, at least in part, with the military campaign that the Israel Defense Forces conducted against Iranian targets in June 2025. ...

Paragon Spyware Used to Spy on European Journalists

Bruce Schneier — Fri, 13 Jun 2025 10:17:42 +0000

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit:

On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below:

Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware. ...

Court Rules Against NSO Group

Bruce Schneier — Tue, 13 May 2025 11:07:54 +0000

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’...

Report on Paragon Spyware

Bruce Schneier — Tue, 25 Mar 2025 11:05:01 +0000

Citizen Lab has a new report on Paragon’s spyware:

Key Findings:

Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for.
Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. ...

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Bruce Schneier — Tue, 24 Dec 2024 12:04:24 +0000

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.

NSO Group Spies on People on Behalf of Governments

Bruce Schneier — Wed, 27 Nov 2024 12:05:16 +0000

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers.

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software...

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Bruce Schneier — Tue, 15 Oct 2024 11:06:44 +0000

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here).

The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924...

An Internet traffic analysis during Iran’s April 13, 2024, attack on Israel

João Tomé — Sun, 14 Apr 2024 21:23:15 +0000

On April 13, 2024, Iran launched a retaliatory attack on Israel. We examined its potential impact on Internet traffic and attacks. While there were some shifts in traffic, we haven't observed any large-scale cyberattacks on Israeli domains protected by Cloudflare.

DDoS threat report for 2023 Q4

Omer Yoachimik http://blog.cloudflare.com/author/omer/ — Tue, 09 Jan 2024 14:00:25 +0000

Welcome to the sixteenth edition of Cloudflare’s DDoS Threat Report. This edition covers DDoS trends and key findings for the fourth and final quarter of the year 2023, complete with a review of major trends throughout the year

Paragon Solutions Spyware: Graphite

Bruce Schneier — Thu, 08 Jun 2023 11:30:42 +0000

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval:

American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite. People with knowledge of the matter suggested 35 countries are on that list, though the exact nations involved could not be determined. Most were in the EU and some in Asia, the people said...

Cyberweapons Manufacturer QuaDream Shuts Down

Bruce Schneier — Tue, 25 Apr 2023 10:09:08 +0000

Following a report on its activities, the Israeli spyware company QuaDream has shut down.

This was QuadDream:

Key Findings

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.

We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ...

Cyberattacks on Holocaust educational websites increased in 2022

Omer Yoachimik — Fri, 27 Jan 2023 14:00:00 +0000

Today, 78 years after the liberation of the Auschwitz death camp, we mark the International Holocaust Remembrance Day. With Cloudflare’s Project Galileo, we protect Holocaust educational websites and at risk public interest groups. Read more to see how attacks on these groups increased in 2022.

Spyware Maker Intellexa Sued by Journalist

Bruce Schneier — Fri, 07 Oct 2022 11:13:42 +0000

The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called “Predator.” That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa.

Koukakis is suing Intellexa.

The lawsuit filed by Koukakis takes aim at Intellexa and its executive, alleging a criminal breach of privacy and communication laws, reports Haaretz. The founder of Intellexa, a former Israeli intelligence commander named Taj Dilian, is listed as one of the defendants in the suit, as is another shareholder, Sara Hemo, and the firm itself. The objective of the suit, Koukakis says, is to spur an investigation to determine whether a criminal indictment should be brought against the defendants...

Long Article on NSO Group

Bruce Schneier — Thu, 21 Apr 2022 12:16:35 +0000

Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian separatists.

Protecting Holocaust educational websites

Omer Yoachimik — Thu, 27 Jan 2022 17:21:00 +0000

Cloudflare’s Project Galileo provides free protection to at-risk groups across the world including Holocaust educational and remembrance websites

NSO Group’s Pegasus Spyware Used Against US State Department Officials

Bruce Schneier — Mon, 13 Dec 2021 12:16:44 +0000

NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US. But the company does:

NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled access for the relevant customers and would investigate based on the Reuters inquiry.

“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have.”...

New York Times Journalist Hacked with NSO Spyware

Bruce Schneier — Mon, 25 Oct 2021 18:46:25 +0000

Citizen Lab is reporting that a New York Times journalist was hacked with the NSO Group’s spyware Pegasus, probably by the Saudis. The world needs to do something about these cyberweapons arms manufacturers. This kind of thing isn’t enough;...

Candiru: Another Cyberweapons Arms Manufacturer

Bruce Schneier — Mon, 19 Jul 2021 15:54:58 +0000

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru.

From the report:

Summary:

Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities. ...