Predator Spyware Infrastructure Returns Following Exposure and Sanctions

Sept. 5, 2024, 4:47 p.m.

Description

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Angola. New infrastructure changes make tracking users more challenging. Defensive measures include regular device updates, using lockdown mode, and deploying mobile device management systems. The spyware market is expected to grow, highlighting the need for ongoing global efforts to regulate and curb its use. The resurgence underscores the persistent threat of mercenary spyware and the importance of cybersecurity best practices.

External References

https://go.recordedfuture.com/hubfs/reports/cta-2024-0905.pdf
https://www.recordedfuture.com/research/predator-spyware-infrastructure-returns-following-exposure-sanctions
https://otx.alienvault.com/pulse/66d9de8c4e170ccf7a03cbd9
Tags
python
2024-09-05
predator spyware
intellexa alliance
zero-click attacks

Date

  • Created: Sept. 5, 2024, 4:38 p.m.
  • Published: Sept. 5, 2024, 4:38 p.m.
  • Modified: Sept. 5, 2024, 4:47 p.m.

Indicators

  • 98.142.253.18
  • 45.86.163.178
  • 193.29.59.164
  • 193.29.56.252
  • 185.243.113.169
  • 185.235.137.6
  • 185.123.102.40
  • 169.239.129.76
  • yokananu.net
  • toysfourtots.com
  • nyirangongovrai.com
  • noisyball.com
  • masoloyakati.com
  • lesautreseux.com
  • holidaypriceguide.com
  • happytotstoys.com
Download all indicators here!

Attack Patterns

  • Predator
  • Intellexa alliance

Additional Informations

  • Government
  • Angola
  • Greece
  • Poland