This report describes an espionage operation using government-exclusive spyware to target Mexican government food scientists and two public health advocates.
This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests.
December 29 – Hamburg, Germany
In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.
Citizen Lab Senior Research Fellow John Scott-Railton has published an updated version of his “Security for the High-Risk user” paper, first published in the IEEE Security & Privacy in spring 2016. The updates were made based on new evidence of attacks against two-factor and account recovery SMSes, underlining the need for innovation in two-factor authentication.
This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.
This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously-reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.
Media Coverage: New York Times, Foreign Policy, International Business Times, Chicago Tribune, VICE Motherboard, Taipei Times, Forbes, Techworm, Sputnik News, Network World, BoingBoing. Authors: Bill Marczak, John Scott-Railton 1. Executive Summary This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon. The attacks have been conducted […]
This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing
March 30-April 1 – San Francisco, California