Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Amnesty International Links Cybersecurity Firm To Spyware Operation

Amnesty International Links Cybersecurity Firm To Spyware Operation

A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists. 

The investigation comes from Amnesty International’s team, who confirmed a case of espionage against a Togolese activist and also observed signs of spyware deployment across several key Asian regions. 

A link to an Indian cybersecurity firm

According to Amnesty International, the Android spyware has been linked to Indian cybersecurity company Innefu Labs after an IP address belonging to the company was repeatedly used for the distribution of the spyware payload. 

However, the actual deployment could be the work of the ‘Donot Team’ (APT-C-35), a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018. 

Amnesty notes that it’s possible Innefu is not aware of how its customers or other third parties are using its tools. However, an external audit could reveal everything now that full technical details have come to light. 

Also Read: The Competency Framework: A Guide for Managers and Staff

In a written letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists.

“At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them.

In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities” – Innefu Labs.

BleepingComputer has contacted Innefu Labs multiple times since yesterday morning but did not receive a response.

Targeting Togo activists

The attack on the activists began with an unsolicited message on WhatsApp, suggesting the installation of a supposedly secure chat app called ‘ChatLite.’

Having failed there, the attackers sent an email from a Gmail account, carrying a laced MS Word file that exploits an old vulnerability to drop the spyware. 

Actors sending unsolicited messages to the target.
Actors sending unsolicited messages to the target
Source: Amnesty International

In the ChatLite case, the spyware was a custom-developed Android app that allowed the attacker to collect sensitive data from the device and fetch additional malware tools.

The ChatLite app icon.
The ChatLite app icon
Source: Amnesty International

For the spyware distributed via malicious Word document, it had the following capabilities: 

  • Record keystrokes
  • Take screenshots regularly
  • Steal files from local and removable storage
  • Download additional spyware modules 

By analyzing the Android spyware sample, Amnesty’s investigators found several similarities to “Kashmir_Voice_v4.8.apk” and “SafeShareV67.apk”, two malware tools linked to past Donot Team operations.

The threat actor’s opsec mistake allowed the investigators to discover a  “testing” server in the USA where the threat actors were storing screenshots and keylogging data from compromised Android phones.

Also Read: Personal Data Protection Act Australia

Files of screen captures from compromised devices
Files of screen captures from compromised devices
Source: Amnesty International

This is where Amnesty first saw the Innefu Labs IP address, as otherwise, the real source was hiding behind a VPN.

Togo hiring foreign hackers?

This is the first time that the Donot Team was spotted targeting entities in African countries, and it could be a clue that the group is offering ‘hacker for hire’ services to governments. 

Freedom House gives Togo a â€˜Partly Free’ rating, with the ruling of the country being in the hands of the Gnassingbé family since 1963. The main opposition candidate, Agbéyomé Kodjo, was arrested in April 2020. 

Unfortunately, human rights violations, targeting activists and civil liberties advocates, and crippling political pluralism are common in Togo, and according to Amnesty’s report, things are only getting worse in the African country.

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us