Targeted Threats
Investigations into the prevalence and impact of digital espionage operations against civil society groups.
Featured in Targeted Threats
Digital Transnational Repression Explained
Citizen Lab produced an animated explainer video on digital transnational repression in Canada that also highlight some of the stories of the interviewees while also protecting their identities.
Latest Research
The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles
Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.
Nothing Sacred: Religious and Secular Voices for Reform in Togo Targeted with NSO Spyware
Amidst calls for reform in Togo, NSO Group’s spyware was used to target voices for change including a bishop, priest, and opposition politicians.
Dark Basin: Uncovering a Massive Hack-For-Hire Operation
Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator
New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.