Chinese influence campaign targets the BBC. Konni RAT targets Russian organizations. Bahraini activists compromised by Pegasus.
At a glance.
- Chinese influence campaign targets the BBC.
- Triada trojan distributed via WhatsApp mod.
- Konni RAT targets Russian organizations.
- Bahraini activists compromised by Pegasus.
Chinese influence campaign targets the BBC.
Recorded Future has seen “large-scale, likely government-sponsored, influence” activity directed against the UK, and the BBC in particular. The campaign advances the Chinese government’s line that the BBC applies a “gloomy filter” to photos of China in order to portray the country as gray and dreary:
“The campaign includes hundreds of websites and social media accounts and thousands of comments from government news sources, fake news websites, and Chinese and Western social media platforms. China’s pro-government media and Chinese Communist Party (CCP) officials have recently increased their criticism of the UK and the BBC in response to a recent BBC report that revealed that Beijing’s leading propaganda companies are incentivizing foreigners called ‘stringers’ to generate pro-Chinese influence on social media. To counter allegations the BBC has brought propaganda reports to social media to criticize the journalistic integrity of the BBC, accusing it of having used an ‘underworld filter’ or ‘gloomy filter’ (阴间滤镜) on photos and videos of China to make the country look lifeless, boring and sad to foreign viewers. The BBC firmly denies these allegations.”
“In the past 6 months, there were over 11,000 references to the Mandarin term for ‘dark filter’ in open source, of which over half occurred in the last 30 days. English-language mentions of ‘BBC underworld filter’ have also skyrocketed in recent weeks, totaling over 56,300 in 6 weeks. Since the ‘stringers’ started spreading Chinese propaganda, references to the ‘dark filter’ in English have increased dramatically.”
Triada trojan distributed via WhatsApp mod.
Kaspersky researchers warn that the Android Trojan Triada is being distributed via an unofficial WhatsApp mod called “FMWhatsapp 16.80.0”. The researchers note that users must allow the malware access to their text messages, which allows it to bypass multifactor authentication:
“It should be emphasized that FMWhatsapp users give the app permission to read their SMS messages, which means that the Trojan and all other malicious modules it loads also have access to them. This allows attackers to automatically enroll the victim for premium subscriptions, even if a verification code is required to complete the process.
“We do not recommend using unofficial modifications to apps, especially WhatsApp mods. It is very possible that you will receive an unwanted paid subscription or even [lose] overall control of your account, which attackers can misuse for their own purposes, e.g.
Konni RAT targets Russian organizations.
Malwarebytes researchers describe a spear phishing campaign that uses a new variant of the Konni RAT against Russian targets. Konni is “potentially linked to North Korea’s APT37”. The campaign uses Word documents with malicious macros to spread the malware:
“We found two baits that Konni APT used. The first document, ‘Economic relations.doc’, contains a 12-page article that was apparently published in 2010 with the title: ‘Far East Russian Far East Regional Economic Contacts with Korean States (2010s).’ The second document is the draft of a meeting in Russia in 2021: ‘23rd Meeting of the Russian-Mongolian Intergovernmental Commission on Trade, Economy, Science and Technology.’”
Bahraini activists compromised by Pegasus.
Researchers at the University of Toronto’s Citizen Lab say the iPhones of nine Bahraini activists were compromised with NSO Group’s Pegasus spyware. The researchers say four of the victims were hacked by “a Pegasus operator whom we trust the Bahrain government to attribute”. They also note: “Two of the hacked activists are now living in London and at least one was in London when they were hacked. In our research we have only ever seen that the Bahraini government spied in Bahrain and Qatar, never in Europe; the Bahraini activist in London may have been hacked by a Pegasus operator who is connected to another government.”