Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Amnesty International Links Cybersecurity Firm To Spyware Operation

Amnesty International Links Cybersecurity Firm To Spyware Operation

A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists. 

The investigation comes from Amnesty International’s team, who confirmed a case of espionage against a Togolese activist and also observed signs of spyware deployment across several key Asian regions. 

A link to an Indian cybersecurity firm

According to Amnesty International, the Android spyware has been linked to Indian cybersecurity company Innefu Labs after an IP address belonging to the company was repeatedly used for the distribution of the spyware payload. 

However, the actual deployment could be the work of the ‘Donot Team’ (APT-C-35), a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018. 

Amnesty notes that it’s possible Innefu is not aware of how its customers or other third parties are using its tools. However, an external audit could reveal everything now that full technical details have come to light. 

Also Read: The Competency Framework: A Guide for Managers and Staff

In a written letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists.

“At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them.

In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities” – Innefu Labs.

BleepingComputer has contacted Innefu Labs multiple times since yesterday morning but did not receive a response.

Targeting Togo activists

The attack on the activists began with an unsolicited message on WhatsApp, suggesting the installation of a supposedly secure chat app called ‘ChatLite.’

Having failed there, the attackers sent an email from a Gmail account, carrying a laced MS Word file that exploits an old vulnerability to drop the spyware. 

Actors sending unsolicited messages to the target.
Actors sending unsolicited messages to the target
Source: Amnesty International

In the ChatLite case, the spyware was a custom-developed Android app that allowed the attacker to collect sensitive data from the device and fetch additional malware tools.

The ChatLite app icon.
The ChatLite app icon
Source: Amnesty International

For the spyware distributed via malicious Word document, it had the following capabilities: 

  • Record keystrokes
  • Take screenshots regularly
  • Steal files from local and removable storage
  • Download additional spyware modules 

By analyzing the Android spyware sample, Amnesty’s investigators found several similarities to “Kashmir_Voice_v4.8.apk” and “SafeShareV67.apk”, two malware tools linked to past Donot Team operations.

The threat actor’s opsec mistake allowed the investigators to discover a  “testing” server in the USA where the threat actors were storing screenshots and keylogging data from compromised Android phones.

Also Read: Personal Data Protection Act Australia

Files of screen captures from compromised devices
Files of screen captures from compromised devices
Source: Amnesty International

This is where Amnesty first saw the Innefu Labs IP address, as otherwise, the real source was hiding behind a VPN.

Togo hiring foreign hackers?

This is the first time that the Donot Team was spotted targeting entities in African countries, and it could be a clue that the group is offering ‘hacker for hire’ services to governments. 

Freedom House gives Togo a â€˜Partly Free’ rating, with the ruling of the country being in the hands of the Gnassingbé family since 1963. The main opposition candidate, Agbéyomé Kodjo, was arrested in April 2020. 

Unfortunately, human rights violations, targeting activists and civil liberties advocates, and crippling political pluralism are common in Togo, and according to Amnesty’s report, things are only getting worse in the African country.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us