7/ The #Candiru targeting that we saw was via email. Again, often super personalized.
They impersonated official COVID communications from Spanish gov, notifications from biz registries, etc.
Sometimes Candiru & #Pegasus targeting themes overlapped.
8/ Craziest story? Victim working on a live #Candiru infected computer had to be persuaded to step into the hallway using a ruse so we could explain the situation away from it's microphones...
Material was shared w/@MsftSecIntel which led to 1.4 billion devices getting patched.
9/ The folks at @AmnestyTech conducted an independent validation of our forensic methods on a selection of cases.
10/ Which government is behind #CatalanGate? Well, we aren't conclusively attributing to a specific government...
But substantial circumstantial evidence suggests a nexus with the Government of Spain.
11/ Big picture: people think the problem with mercenary spyware is that it gets sold to dictators. Who abuse it. True.
Turns out that when democracies acquire it, risk of abuse is dangerously high.
It's abundantly clear that this is now a major problem in the #EU.
12/ EU MEPs have begun weighing in👇
🇪🇺 EU Parliament's new committee on Pegasus spyware has first meeting tomorrow.
14/ Cases like this cannot come to light without the many victims & organizations that graciously consent to participating in our research, and chose to come forward & be named.
Without them, this report would not have been possible.
15/ Special acknowledgement to the team @domesticstream who helped us do the amazing graphical companion to our report.
IMPORTANT: has @Apple sent you a mercenary spyware threat notification?
Latest round just went out.
Take them seriously. Get expert help.
If you a journalist, activist, dissident etc. I suggest you ✅contact @accessnow's helpline. 1/ accessnow.org/help/
2/ In my experience, @Apple's mercenary spyware threat notifications do several things:
✅ Help users take action to secure themselves
✅ Impose cost on spyware companies & customers
✅ Keep us researchers busy investigating cases
They can also have a✅deterrent effect.
@Apple 3/ I never tire of saying that @apple threat notifications have helped to change the information balance between spyware victims & those that target them.
They have also kicked off waves of scandals & discoveries of spyware abuses. Like in #Poland👇
2/ The investigation behind this Russian political interference takedown is interesting.
First, the @FBI got account registration info for a slice of fake accounts on @X
They found a lot of email accounts registered on the same server.
So they went to the registrar...
@FBI @X 3/ While the domain registrar (Namecheap) had a bunch of account registration information for the @FBI, the info was a fake name and some alias information.
Strike out? No. The FBI began a subpoena cascade, starting with the Google account used to register the domain.