Search Results for: hacking team

You Only Click Twice: FinFisher’s Global Proliferation

This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia that may have been used to target individuals linked to an opposition group. Additionally, it provides examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.

Citizen Lab Newsletter Archives

Archives of Citizen Lab Briefing newsletters we’ve sent. Subscribe to the Citizen Lab newsletter. Privacy Policy 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 2019 February 2019 – Citizen Lab researchers targeted, continued abuse of NSO technology in Mexico, and applications open for 2019 Citizen Lab Summer Institute 2018 November… Read more »

Publications

Research Reports John Scott-Railton, Rebekah Brown, Ksenia Ermoshina, and Ron Deibert. “Rivers of Phish: Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe,” The Citizen Lab Report No. 177, University of Toronto, August 14, 2024. John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Ksenia Ermoshina, Siena Anstis, and Ron Deibert. “By Whose Authority? Pegasus targeting of… Read more »

Disrupting COLDRIVER: U.S. court orders seizure of domains used in Russian cyberattacks

Microsoft’s Digital Crimes Unit takes legal action to dismantle Russia-based threat actor COLDRIVER following a joint investigation by The Citizen Lab and Access Now. In August, The Citizen Lab, jointly with Access Now, in collaboration with First Department, Arjuna Team, and RESIDENT.ngo, published a report that uncovered two distinct spear-phishing campaigns targeting members of Russian… Read more »

New Book “Chasing Shadows” Coming Soon

We are excited to announce a new book, Chasing Shadows: Cyber Espionage, Subversion, and the Global Fight for Democracy, by Ronald Deibert, director and founder of The Citizen Lab, will hit shelves on February 4, 2025.

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus

Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.