This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.
Posts tagged “Malware”
This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously-reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.
This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon. The attacks have been conducted from 2012 until the present, against Emirati journalists, activists, and dissidents.
In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.
This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing
In an interview with Scientific American, Citizen Lab Senior Security Researcher Morgan Marquis-Boire explained the techniques and associated challenges in identifying the perpetrators of malware attacks.
Palo Alto Networks cited the Citizen Lab report entitled “Communities @ Risk: Targeted Threats Against Civil Society.”
This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.
Citizen Lab’s Research Fellow John Scott-Railton spoke to Politico regarding the Syrian Electronic Army, a group of hackers in support of Bashar Al-Assad’s government. An article by Business Insider also featured Citizen Lab research into ISIS malware attacks.
This post analyzes targeted malware attacks against groups in the Tibetan diaspora and Hong Kong that leverage the CVE-2014-4114 vulnerability