Indian Cyber Security Firm Linked To Spyware

Amnesty International has published a report about Innefu Labs, an Indian cyber security firm that has links to an Android spyware program used to target well-known activists. Amnesty’s team conducted the study after discovering evidence of espionage against a Togolese activist and indicators of spyware deployment in many important Asian territories.

The investigation found that the spyware used in these attacks is tied to an attacker group known as the Donot Team, previously connected to attacks in India and Pakistan, among others. The 'Donot Team' is a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018.

Amnesty explains how fake Android applications and spyware-loaded emails were used by Donot Team to target a prominent Togolese human rights defender in an attempt to put them under unlawful surveillance. This is the first time Donot Team spyware has been found in attacks outside of South Asia. “Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.

Amnesty notes that it's possible Innefu is not aware of how its customers or other third parties are using its tools. However, an external audit could reveal everything now that full technical details have come to light.

In a letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists. "At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them... In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities" - Innefu Labs.

By analysing the Android spyware sample, Amnesty's investigators found several similarities to two malware tools linked to past Donot Team operations. An opsec mistake by the threat actors allowed the investigators to discover a "testing" server in the USA where the threat actors were storing screenshots and keylogging data from compromised Android phones. This is where Amnesty first saw the Innefu Labs IP address; otherwise, the real source was hiding behind a VPN.

This is the first time that the Donot Team was spotted targeting entities in African countries, and it could be a clue that the group is offering 'hacker for hire' services to governments. 

The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organisations and is an essential voice for human rights in the country. Their devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese presidential election.

According to Amnesty’s report, human rights violations, the targeting of activists and civil liberties advocates, and the crippling of political pluralism are common in Togo, and things are getting worse.

Sources: Amnesty International, CyberIntelMag, The Record, TechToSee
