The Citizen Lab has sent an open letter to Francisco Partners in light of the apparent misuse of NSO Group’s technology– a company in which we believe Francisco Partners has a majority stake– and to request timely action in regards to issues raised in previous correspondence.

Emile Dirks, Research Associate at the Citizen Lab, prepared a written submission for the Congressional-Executive Commission on China (CECC) about the state of human rights in the country. The CECC was established by Congress in October 2000, with the legislative mandate to monitor human rights and the development of the rule of law in China,… Read more »

We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.

بين شهري مايو وسبتمبر 2023، استُهدِف عضو البرلمان المصري السابق أحمد الطنطاوي ببرنامج التجسس Predator من Cytrox عبر روابط أُرسلت إليه عبر رسائل قصيرة و رسائل WhatsApp. وقع الاستهداف بعد أن صرح الطنطاوي علنًا بخطته للترشح لمنصب الرئاسة في الانتخابات المصرية لعام 2024.

Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations‘ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society. The Citizen… Read more »

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

In an interview with As It Happens with Nil Köksal, Chris Howden on CBC Radio, Citizen Lab Director Ron Deibert discussed Jamal Khashoggi’s widow Hanan Elatr’s lawsuit against Israeli spyware company NSO. Hanan Elatr Khashoggi claimed in a civil lawsuit lodged with the Northern District of Virginia that NSO “intentionally targeted” her devices and “caused… Read more »

At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.