Re: Is Apple Tv Available In Macedonia
Ingelore Clason
The Keynote will be available to stream on apple.com, the Apple Developer app, the Apple TV app, and the Apple YouTube channel. On-demand playback will be available after the conclusion of the stream.
We attribute the attacks on the two targets to the Egyptian Government with medium-high confidence. We conducted scanning (Section 4) that identified the Egyptian Government as a Cytrox Predator customer, websites used in the hacks of the two targets bore Egyptian themes, and the messages that initiated the hack were sent from Egyptian WhatsApp numbers (Section 2.5, Section 2.7).
iPhone logs indicated that the process names of the commands were UserEventAgent and com.apple.WebKit.Networking, that their binaries were resident on disk in the /private/var/tmp/ folder, and that the responsible process for both was siriactionsd, which is a legitimate iOS process that manages iOS shortcuts and automations.
We found 28 hosts on Censys matching this fingerprint in October 2021, including an IP in Northern Macedonia, 62.162.5[.]58, which was pointed to by dev-bh.cytrox[.]com in August 2020, and which also returned a redirect with dev-bh.cytrox[.]com in its Location header on port 80 during this period.
Additionally, passive DNS tool RiskIQ shows that the IP 62.162.5[.]58 returned a certificate (0fb1b8da5f2e63da70b0ab3bba8438f30708282f) for teslal[.]xyz between July 2020 and September 2020. Since 62.162.5[.]58 currently returns a teslal[.]xyz certificate, we assume that the IP has not changed ownership since August 2020 and is thus still related to cytrox[.]com.
The cytrox.com domain previously returned a WordPress page containing an email address (i...@cytrox.com), which appears to be the email of Ivo Malinkovski, CEO of Cytrox. The WordPress page is apparently unmaintained, and was apparently hacked to include spam links to an online casino (Figure 6).
The phone logs indicate that the device was infected with Pegasus on June 22 at 13:26 GMT. A number of Library/SMS/Attachments folders were created between 13:17 and 13:21, and there were no entries whatsoever in the Attachments table of the sms.db file for June 22, suggesting that a zero-click exploit may have been the vector for Pegasus installation. Approximately an hour later, a Predator link sent to Nour on WhatsApp was opened in Safari at 14:33 GMT on the same day and Predator was installed on the device two minutes later at 14:35 GMT.
The iOS and Android configurations are slightly different. The complete configurations are available in Appendix 1. Once Predator iOS loads its configuration, it loads another frozen Python module named km_ios, a utility module that provides kernel memory management helper functions enabling additional Predator module capabilities.
Nineveh is destroyed, deserted, desolate! Hearts melt with fear; knees tremble, strength is gone; faces grow pale. Where now is the city that was like a den of lions, the place where young lions were fed, where the lion and the lioness would go and their cubs would be safe?
The iOS automation is triggered when certain apps are opened, including a number of built-in Apple apps, such as the App Store, Camera, Mail, Maps, Safari, as well as third-party apps including Twitter, Instagram, Facebook Messenger, LinkedIn, Skype, SnapChat, Viber, Wire, TikTok, Line, OpenVPN, WhatsApp, Signal, and Telegram.
While automations normally trigger visible notifications when they are run, the Predator shortcut runs entirely in the background, invisible to the user, because Predator also changes an option to disable automations from triggering notifications.
Predator stores additional Python modules and native ELF binaries in the fs.db SQLite file which is located at the path set in DB_FILE. The Python interpreter has a frozen module called sqlimper which is responsible for interacting with this database. The database contains a table called files which has a column called file_hash and a column called file_data. The file_hash is used in place of a file name and is computed using the following routine, where n is the name:
The injector module declares one function, inject, which can inject a shared object into a running process. Interestingly, there is a function called prior to injection which attempts to disable SELinux enforcement via the SELinuxFS.
Scanning also reveals a range of domains used by Cytrox that have country-specific themes, which leads us to suspect that they may be specifically targeted in relation to these countries. We list a subset of these in Table 4.
Today, Thursday, December 16th, Meta is taking an enforcement action against Cytrox, which includes removing approximately 300 Facebook and Instagram accounts linked to Cytrox. Their investigation also reveals an extensive list of lookalike domains used as part of social engineering and malware attacks, which are included in Appendix A of their report.
The targeting of a single individual with both Pegasus and Predator underscores that the practice of hacking civil society transcends any specific mercenary spyware company. Instead, it is a pattern that we expect will persist as long as autocratic governments are able to obtain sophisticated hacking technology. Absent international and domestic regulations and safeguards, journalists, human rights defenders, and opposition groups will continue to be hacked into the foreseeable future.
As investigative journalists and public interest researchers continue to put a spotlight on mercenary spyware companies, we expect they will continue their efforts to evade scrutiny and accountability.
The reopening of the European market has become possible thanks to well-coordinated cooperation between specialists of the European Food Safety Authority (EFSA) and members of the relevant association of Ukraine, Ukrainian media said, citing a press release circulated by Ukraine's State Service on Food Safety and Consumer Protection on Wednesday.
These joint efforts resulted in the adoption by the European Commission of EU Regulations 2022/1309 and 2023/158 on lifting restrictions on the export of apple, plum and quince trees for planting from Ukraine to the EU countries. From 2019 to 2023, these goods could be exported to the EU countries only following the EFSA's analysis of phytosanitary risks with regard to quarantine pests of apple and plum trees.
"It needs to be mentioned that in order to export apple, plum and quince saplings to the EU countries, businesses need to abide by the special phytosanitary requirements set in Appendix VII of the EU Regulation 2019/2072, which includes using production sites or production plots free from quarantine pests. The aforementioned regulations are available for viewing on the website of the State Service on Food Safety and Consumer Protection," it said.
As reported, the State Service on Food Safety and Consumer Protection and the Ukrainian Foreign Ministry agreed on 22 forms of international veterinary certificates for the export of livestock products to 12 countries in 2022.
Last year, the market of Albania was opened for semi-finished meat products from Ukraine, Georgia for snails, the Dominican Republic for milk and dairy products, Israel for ornamental freshwater fish, live rabbits, chewed items for pets, fresh and processed leather and skins, Canada for poultry meat and poultry products, Kenya for milk and dairy products.
In addition, permits have been granted to the export of Ukrainian chewed items for pets, raw and canned pet food to North Macedonia, pet food to Singapore, hatching eggs, canned and processed pet food to Serbia, processed animal protein products (not for human consumption) and fish products to Turkey, table eggs to Pakistan, and meat products and semi-finished products to Montenegro.
News and other data on this site are provided for information purposes only, and are not intended for republication or redistribution. Republication or redistribution of Interfax content, including by framing or similar means, is expressly prohibited without the prior written consent of Interfax.
d3342ee215