Researchers claim that two government hacking groups hacked an Egyptian politician

Tech Highlights:

  • Citizen Lab discovered that two different government hacking outfits attacked an Egyptian politician’s iPhone, employing malware from NSO Group and a competitor called Cytrox.

According to a new report, two different groups of government hackers used spyware from different providers to hack a major Egyptian opposition politician.

The hack against Nour is yet another example of a government using tools made by Western cybersecurity companies to target prominent dissidents and politicians. It’s also a sign that the spyware-as-a-service industry—which insiders call the “lawful intercept” industry—is filled with many players beyond the controversial and well-known NSO Group.

According to a new report published on Thursday by Citizen Lab, a digital rights watchdog housed at the University of Toronto Munk School, the iPhone of Ayman Nour, an Egyptian politician who has been a vocal opponent of current President Abdel Fattah Al-Sisi, was infected by spyware made by Israeli spyware maker NSO Group, as well as a new player in the industry called Cytrox.

“The targeting of a single individual with both Pegasus and Predator underscores that the practice of hacking civil society transcends any specific mercenary spyware company. Instead, it is a pattern that we expect will persist as long as autocratic governments are able to obtain sophisticated hacking technology,” Citizen Lab researchers wrote in the report. “Absent international and domestic regulations and safeguards, journalists, human rights defenders, and opposition groups will continue to be hacked into the foreseeable future.”

Citizen Lab researchers also found traces of Cytrox’s spyware on the iPhone of an Egyptian journalist, who asked to remain anonymous.

At the same time, Facebook found around 300 accounts on Facebook and Instagram operated by Cytrox. The company, according to a new Facebook report also published Thursday, had an infrastructure made of domains spoofing legitimate news entities such as the BBC, CNN, and Fox News. Facebook researchers said that Cytrox customers targeted politicians and journalists around the world, including in Egypt and Armenia.

Nour, who lives in exile in Turkey, suspected something was wrong with his iPhone when he noticed last summer that it was “running hot,” as Citizen Lab researchers put it. Indeed, there were two separate spyware programs running on it, Pegasus, made by NSO, and what Citizen Lab calls Predator, made by Cytrox. Bill Marczak, a senior researcher at Citizen Lab, said that he and his colleagues believe the Egyptian government is likely the one who used Predator to target Nour.
