NSO Group’s Pegasus spyware and exploit framework were used in infection attempts against Mexican senators and senior politicians in June and July 2016.

Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released as a “leak” to discredit domestic and foreign critics of the government. We call this technique “tainted leaks.”

Citizen Lab Director Ron Deibert has been named as part of the “Humans of the Year” series of VICE Motherboard, which profiles his work in defending cyber security through studies of hacking groups and censorship worldwide.

A group calling itself the Shadow Brokers has claimed to have hacked an elite cyberattack organization associated with the U.S National Security Agency (NSA), and is offering the stolen technology to the highest bidder. Citizen Lab Senior Research Fellow Claudio Guarnieri discussed the credibility of the claims with The Wired.

This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously-reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.

This post describes TrackerSSL, a browser extension that reveals the leaky ad trackers on webpages that leave your browsing habits open to surveillance.

While there has been much discussion about the use of software described as ‘implants’ or ‘backdoors’ to perform targeted surveillance, this report is about the less well understood method by which most targeted surveillance is delivered: network injection.

Post-doctoral Fellow Christopher Parsons spoke with a variety of media organizations over the past month about his research and pressing events that have taken place in the Canadian telecommunications landscape. He generally discussed lawful access to telecommunications data, the release of transparency reports by Canadian Internet service providers, and the unveiling of an access to personal information tool.

Former Citizen Lab security researcher and member of our technical advisory group, Nart Villeneuve, is part of a team that uncovered a malware campaign targeting European diplomats and foreign ministries.

The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 as part of the talk “RATastrophe: Monitoring a Malware Menagerie” by Katie Kleemola, Seth Hardy, and Greg Wiseman.