We investigate a coordinated network of inauthentic X accounts that is spreading AI-generated content to induce revolt in Iran. The network has been active since 2023, but increased activity during the Iran-Israel conflict in June 2025.
The following is the Hebrew translation of the key findings from the Citizen Lab report titled We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime ממצאי הדו״ח רשת מתואמת של יותר מ 50 פרופילי משתמשים בדויים ב X מבצעים באמצעות בינה מלאכותית קמפיין השפעה. הקמפיין שמשתמש… Read more »
The following is the Persian translation of the key findings from the Citizen Lab report titled We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime یافتههای کلیدی شبکهای هماهنگ متشکل از بیش از ۵۰ پروفایل غیرواقعی در ایکس (X)، که ما از آن به عنوان «پریزِنبریک»… Read more »
Un’introduzione a Paragon Solutions. Paragon Solutions è stata fondata in Israele nel 2019 e vende uno spyware chiamato Graphite. L’azienda si descrive come diversa dagli altri produttori, affermando di disporre di salvaguardie per prevenire i tipi di abusi di spyware per cui NSO Group e altri fornitori sono noti. Analisi dell’infrastruttura dello spyware Paragon. Sulla… Read more »
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon’s mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
A sophisticated spear phishing campaign has been targeting Western and Russian civil society. In collaboration with Access Now, and with the participation of numerous civil society organizations, we uncover this operation and link it to COLDRIVER, a group attributed by multiple governments to the Russian Federal Security Service (FSB).
In a joint investigation with Access Now, we found that seven Russian and Belarusian-speaking independent journalists and opposition activists based in Europe were targeted and/or infected with NSO Group’s Pegasus mercenary spyware.
We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.
بين شهري مايو وسبتمبر 2023، استُهدِف عضو البرلمان المصري السابق أحمد الطنطاوي ببرنامج التجسس Predator من Cytrox عبر روابط أُرسلت إليه عبر رسائل قصيرة و رسائل WhatsApp. وقع الاستهداف بعد أن صرح الطنطاوي علنًا بخطته للترشح لمنصب الرئاسة في الانتخابات المصرية لعام 2024.
Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations‘ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society. The Citizen… Read more »
