LightSpy's dark evolution. [Research Saturday]
Jan 25, 2025
Jacob Faires, Principal Threat Researcher at BlackBerry, shares insights into the LightSpy malware campaign, which BlackBerry ties to the Chinese state-linked group APT41. The discussion covers the DeepData framework, a modular Windows component that ships 12 plugins for different forms of surveillance, from monitoring communications to stealing credentials. Faires describes how the malware collects data from popular messaging platforms such as WhatsApp and Signal, and how its espionage tooling has been aimed at activists and journalists in Southeast Asia. The continuing evolution of the tooling is a reminder that defenders must track these campaigns as they change, not as they were first reported.
LightSpy's Targets
- LightSpy, first discovered in 2020, was used against participants in Hong Kong's pro-democracy protests.
- It focused on journalists and citizens whose views did not align with those of the CCP.
DeepData's History
- DeepData is the Windows-based framework within the LightSpy tooling.
- Hints in the code suggest DeepData may have targeted Windows Phone users before that platform was deprecated.
DeepData's Modularity
- DeepData's modularity lets operators tailor each intrusion, deploying only the plugins a given target calls for.
- Pushing only what is needed keeps the amount of malicious code delivered to a victim's device to a minimum, which also reduces the footprint available for detection.