Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
In its most recent response to the Citizen Lab regarding the The Great iPwn report, NSO Group extended an invitation to meet and discuss the Citizen Lab’s concerns and NSO Group’s “program” in more detail. We do not believe this invitation is made in good faith and have declined.
As highlighted by a coalition of human rights organizations in a letter to NSO Group released today, NSO Group continues to fail in human rights compliance. The company has fallen far short of numerous promises and commitments it made, in particular with regards to transparency and its human rights due diligence framework.
The Citizen Lab’s response to the questionnaire of the U.N. Working Group on the use of mercenaries on the provision of military and security products and services in cyber space by cyber mercenaries and related actors and its human rights impact.
Since 2016, the Citizen Lab has published numerous reports regarding the use of Pegasus spyware against human rights defenders, journalists, politicians, and other members of civil society. Despite these findings, NSO Group has failed to substantively engage or respond to the research presented by the Citizen Lab and other organizations.
في شهري يوليو وأغسطس 2020 استخدم عملاءٌ حكوميون برنامج التجسس بيغاسوس “Pegasus” من مجموعة “NSO” لاختراق 36 هاتفاً شخصياً لصحفيين ومنتجين ومراسلين و مدراء تنفيذيين في قناة الجزيرة. كما تم اختراق هاتف صحفية في قناة العربي، التي مقرها لندن.
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.
Amidst calls for reform in Togo, NSO Group’s spyware was used to target voices for change including a bishop, priest, and opposition politicians.
Targets were sent emails disguised as important communications, such as official summonses, bearing links to malicious software disguised as important documents. If opened, targets’ computers would have been infected with NetWire, a piece of commodity malware.
