Targeted Threats
Back to ResearchInvestigations into the prevalence and impact of digital espionage operations against civil society groups.
Featured in Targeted Threats
CBC: WhatsApp Attributes Hack of 1,400 Users to NSO Group Technology
Citizen Lab senior researcher John Scott-Railton discusses why WhatsApp is suing NSO Group after discovering their spyware was used to target 1,400 users—100 of whom were members of civil society—and why this is a significant bellwether.
Latest Research
It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community
In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.
The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.
Group5: Syria and the Iranian Connection
This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously-reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.
Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents
This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon. The attacks have been conducted from 2012 until the present, against Emirati journalists, activists, and dissidents.
Keep Calm and (Don’t) Enable Macros: Appendices
Appendices for the report “Keep Calm and (Don’t) Enable Macros”