Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.
A sustained, coordinated social media harassment and doxxing campaign – which we codenamed JUICYJAM – targeting the pro-democracy movement in Thailand has run uninterrupted, and unchallenged, since at least August 2020. Through our analysis of public social media posts we determined that the campaign was not only inauthentic, but the information revealed could not have been reasonably sourced from a private individual.
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon’s mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
Legal researchers Cynthia Khoo and Kate Robertson warn that a Canada-U.S. CLOUD agreement would extend the reach of U.S. law enforcement into Canada’s digital terrain to an unprecedented extent, and that if signed, this agreement would effectively allow U.S. police to demand personal data directly from any provider of an “electronic communication service” or “remote computing service” in Canada, so long as it had some ties to the U.S.
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.
On May 13, 2025, the Citizen Lab’s senior researcher John Scott-Railton testified before the European Union Parliament’s Committee on Civil Liberties, Justice and Home Affairs (‘LIBE committee’) to share findings from our recent report on the proliferation of Paragon spyware. “When we look at the pie chart of [spyware] targeting to see who was targeted… Read more »
Join us on May 21 for a hybrid workshop that explores digital sovereignty, the methodologies for its study, and the global trend around sovereignty in the digital world. This workshop is co-organized by DIGISOV, CIS CNRS, and GEODE and will take place on May 21, 2025, from 9:30 to 17:00, in Paris 17th (CNRS Pouchet)… Read more »
Come work with us! We are looking for a digital-savvy communicator to join our team in the role of Digital Communications Specialist. Read more…
In his article for Foreign Affairs, Citizen Lab founder Ron Deibert discusses the lessons of SignalGate, highlighting that “much of the debate has downplayed an even larger problem: the very real possibility that a foreign government or other hostile power was snooping on the devices through which those communications were taking place.” Read the full… Read more »
In an interview for CBC Ideas, Citizen Lab founder Ron Deibert talks with host Nahlah Ayed about mercenary spyware, sharing that “the latest versions can be implanted on anyone’s device anywhere in the world and as we speak, there is literally no defence against it.” They also discuss his new book, Chasing Shadows, in which… Read more »
In a piece for the Asia Pacific Foundation of Canada, Emile Dirks and Diana Fu argue that the U.S.’s pull back from its liberal-minded engagements in China “poses an imminent challenge to Canada: how to curb Beijing’s foreign interference without the support of a network of organizations backed by its powerful ally to the south.”… Read more »
