  • SEKOIA Reveals Lycantrox Spy Campaign Infrastructure

    Which nations have been discovered snooping on their citizens without authorization?

     

    Researchers from Citizen Lab released a report last month detailing how former Egyptian lawmaker Ahmed Eltantawi's iPhone was targeted by hackers using Cytrox's Predator spyware.

    In August and September of this year, Eltantawi was the target of an attack that redirected him to malicious websites, which installed the Predator spyware by exploiting iOS zero-day vulnerabilities (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993). This attack, as anticipated, was motivated by politics.

    In the past, Cytrox has drawn attention for using Predator to target celebrities. The activities of Cytrox and its parent company Intellexa were being investigated at the time by Citizen Lab and the now-banned Meta.

    A SEKOIA report published in December 2021 looked at potential connections between Cytrox clients, tracked as Operation Lycantrox, and Candiru clients, tracked as Operation Karkadann. Both spy operations compromised their targets using similar infrastructure.

    Most recently, SEKOIA experts discovered numerous domains connected to this group while analyzing the infrastructure used by Lycantrox. Examples include "elwatnanews[.]com", which poses as a news source, and "bitshort[.]info", which poses as a link-shortening service.

    The researchers identified 121 distinct domain names that they connected to the Lycantrox infrastructure with high confidence. Many of these domains are in some way connected to cybercrime and have connections to servers that accept cryptocurrency payments.

    The servers connected to the identified domains are located in Madagascar, Indonesia, Kazakhstan, and Angola, according to a thorough analysis of the threat. Researchers think local government agencies use them to spy online on different politicians, activists, and journalists.

    The experts promised to keep an eye on the actions of cyber mercenaries from Cytrox and Intellexa while exposing their infrastructure and providing all identified indicators of compromise of the Lycantrox espionage campaign in their report.

    Author reign3d