

NetAskari
1.5K posts

@NetAskari
Blog on Chinese cyber operations, online surveillance, always on the hunt for leaked documents : https://t.co/AwtprnaSoG | https://t.co/eVXinXn7NL



🚨PSA: If you think you're a targeted individual, don't install macOS apps from the web. macOS code signing and TCC are broken. We accidentally found a bug that lets any command modify the binaries of other apps, including Signal, Brave, Chrome, and even Xcode. Watch the demo👇 This happens entirely in the background, with no password prompts or visible alerts. The modified binaries can then access the original app's keychain records and protected containers. We reported this to Apple two weeks ago and haven't received a response. We previously said we wouldn't contact Apple's bounty program again, but we believe it's necessary in this case to help protect Mac users. It affects macOS 26 and 27. This bug doesn't impact apps downloaded from the Mac App Store. Many developers distribute apps on the web instead because Apple controls the App Store's review process and payment methods.

9 McNuggets & a McChicken burger helped us link a Russian hacker to 🇷🇺 government😅 Denis Obrezko was put on the international wanted listed by Russia, following an FBI arrest in Phuket last November. Our independent investigation shows Obrezko has closes ties to the Moscow👇


Your weekend read: Follow our investigation into China's "Dynamic Control Platform for overseas personnel": Exclusive insight into a demo system designed to provide 24/7 surveillance on residential foreigners in the prefecture Zhangjiakou. We will dissect a dashboard system, fed with real world data, showing how one of the many surveillance concepts in China work, how it is connected to the wider "Xueliang" system and how a surveillance state has the tendency to expand its capabilities without a lot of public oversight. Maybe also a warning to other nations, planning to jump on the "holistic surveillance" train : netaskari.substack.com/p/sharp-eyes-h…





To see where this leads, look at Tibet, where Beijing perfected its system of social control, writes Richard Gere. on.wsj.com/4vVjt7Z




the one conspiracy i believe is that this place is full of bots programmed to say insane, incendiary things and they're funded by foreign organizations who want to divide americans and destabilize US society

@hoshinofujivy 我在新疆旅游用公司VPN,连不上后来他们给了我一个RDP连到北京的Windows虚拟机,我平衡了











5月19日,@NetAskari 披露了一个中国的秘密监控平台,系统名为“境外人员动态管控平台”。 调查者表示,他们获取到了该平台的演示系统,并确认其中部分数据来自真实世界,包括护照信息、手机号、签证信息、出行记录等。 系统不仅能记录外国人的住宿、工作、学习情况,还可结合人脸识别摄像头,对个人在城市中的行动轨迹进行实时追踪。乘坐火车时的车厢、座位等数据,也会被纳入长期分析。 平台会为每名人员建立“快速画像”,并标注所谓“风险因素”。系统还整合了医疗记录、住址、工作信息、加油记录、日常活动规律,甚至“社交关系”。 其中一项功能为“关系图谱分析”,可根据监控画面中共同出现的频率,自动分析人与人之间的联系。 此外,系统还设有“重点人员”“在逃人员”“外国记者”“外国学生”等数据库。当相关人员进入某地时,平台会向当地行政与安保部门发出提醒。 调查者指出,该系统的数据来源不仅包括警方监控网络,还接入了滑雪场缆车等商业系统的摄像头数据。一名外国记者在滑雪时被系统即时识别并标记。 曝光者称,目前尚无法确认该系统哪些功能已真正投入现实使用,但从界面与数据来看,其测试时间约为2023年前后,部分底层数据可追溯至2021年。 据称,该曾在河北张家口地区测试运行。 目前该系统似乎已被下线。
