This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia that may have been used to target individuals linked to an opposition group. Additionally, it provides examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.

SCMagazine has named Morgan Marquis-Boire on its honorable mention list of Influential IT security minds in 2012.

Archives of Citizen Lab Briefing newsletters we’ve sent. Subscribe to the Citizen Lab newsletter. Privacy Policy 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 2019 February 2019 – Citizen Lab researchers targeted, continued abuse of NSO technology in Mexico, and applications open for 2019 Citizen Lab Summer Institute 2018 November… Read more »

Research Reports Director Ron Deibert’s blog posts provide summaries and analysis of Citizen Lab research reports and can be found here. Alberto Fittarelli. “PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content.” Citizen Lab Report No. 174, University of Toronto, February 7, 2024. https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/. Jeffrey Knockel, and Emile Dirks. “Chinese… Read more »

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.

في شهري يوليو وأغسطس 2020 استخدم عملاءٌ حكوميون برنامج التجسس بيغاسوس “Pegasus” من مجموعة “NSO” لاختراق 36 هاتفاً شخصياً لصحفيين ومنتجين ومراسلين و مدراء تنفيذيين في قناة الجزيرة. كما تم اختراق هاتف صحفية في قناة العربي، التي مقرها لندن.

Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.

In what follows, I first provide a summary of the Citizen Lab’s recent investigation into the security of Zoom’s video conferencing application, and the company’s responses. I then discuss a broader range of digital security risks that are relevant to the work-from-home routines that MPs and their staff are following. Finally, I conclude with six recommendations.