This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon. The attacks have been conducted from 2012 until the present, against Emirati journalists, activists, and dissidents.
In “Chilling Effects: Online Surveillance and Wikipedia Use,” Citizen Lab Research Fellow Jon Penney analyzes the fall of traffic to Wikipedia articles about terror groups and their techniques after the Snowden revelations.
In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.
This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing
This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.
A number of journalists, activists, politicians, and public figures in Latin America have been targeted by a large-scale hacking campaign since 2008, according to a new report from the University of Toronto’s Citizen Lab.
Citizen Lab surveillance research on Hacking Team and FinFisher highlighted in articles on Motherboard, the Varsity, and the New York Times.
A second audit of South Korea’s Smart Sheriff application reveals that there are numerous unresolved vulnerabilities that put minor children and parental users of the application at serious risk.
This report provides a detailed, mixed methods analysis of Information controls related to the Yemen armed conflict, with research commencing at the end of 2014 and continuing through October 20, 2015. The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.
