
Netsweeper


Artwork by Daria Domnikova


Investigation Timeline

2008
JANUARY

Our pioneering research on cyber espionage and spyware technologies began with a research project called the Information Warfare Monitor. Working in collaboration with SecDev Group, the Citizen Lab launched a multi-year study to track cyberspace as an emerging strategic domain for espionage.

2009
JANUARY

This project led to the 2009 discovery of a cyber espionage network called GhostNet which consisted of 1,295 malware-infected computers in 103 countries. Of the infected computers, 30 percent were determined to be “high-value” targets, including ministries of foreign affairs, embassies, international organizations, news organizations, and a computer located at NATO headquarters. This “bombshell investigation” attracted the attention of several intelligence and law enforcement agencies, including the FBI, the U.S. Department of Homeland Security, and Canada’s Communications Security Establishment.
Although there was circumstantial evidence pointing to elements within the People’s Republic of China, our investigation concluded that there was not enough evidence to implicate the Chinese government itself, and attribution for GhostNet remains a mystery.

2010
JANUARY

In 2010, the Citizen Lab uncovered a second cyber espionage network called Shadow that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries.
These groundbreaking cyber espionage discoveries laid the foundation for a new era of Citizen Lab research, providing crucial counterintelligence to civil society.

Key Insights

  • In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote surveillance against its targets. 
  • The malware was delivered through a trojanized version of a legitimate open source word processing and spell check tool developed to support the use of the Uyghur language. The tool was originally built by a developer known and trusted by the targeted community.
  • Although the malware itself was not particularly advanced, its delivery was extremely well customized to reach the target population, and technical artifacts show that activity related to this campaign began at least as early as May 2024.


