Targeted Threats

Back to Research

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Featured in Targeted Threats

March 20, 2019

Reckless VII: Wife of Journalist Slain in Cartel-Linked Killing Targeted with NSO Group’s Spyware

November 27, 2018

Reckless VI: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague

October 1, 2018

The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil

The NSO connection to Jamal Khashoggi

Citizen Lab senior research fellow Bill Marczak and Saudi dissident Omar Abdulaziz joined CNN to discuss how NSO’s Pegasus spyware found on Omar’s phone is linked to Jamal Khashoggi.

Latest Research

Who’s Watching Little Brother? A Checklist for Accountability in the Industry Behind Government Hacking

March 2, 2017

We are releasing a more comprehensive “checklist” consolidating our thoughts on how best to confront the lack of accountability in the commercial spyware trade.

Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links

February 11, 2017

This report describes an espionage operation using government-exclusive spyware to target Mexican government food scientists and two public health advocates.

Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

February 2, 2017

This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests.

Social Engineering Attacks on Government Opponents

January 13, 2017

Citizen Lab Senior Research Fellow Bill Marczak has co-authored a paper titled “Social Engineering Attacks on Government Opponents: Target Perspectives,” along with Vern Paxson of UC Berkeley.

It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community

November 17, 2016

In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.