Targeted Threats

Back to Research

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Featured in Targeted Threats

The NSO connection to Jamal Khashoggi

Citizen Lab senior research fellow Bill Marczak and Saudi dissident Omar Abdulaziz joined CNN to discuss how NSO’s Pegasus spyware found on Omar’s phone is linked to Jamal Khashoggi.

Latest Research

Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns

In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.

Packrat: Seven Years of a South American Threat Actor

This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.