Indian Cyber Security Firm Linked To Spyware

Uploaded on 2021-10-19 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Amnesty International has published a Report about an Indian cyber security firm Innefu Labs that has links to an Android spyware program used to target well-known activists. Amnesty’s team conducted the study after discovering evidence of espionage against a Togolese activist and indicators of spyware deployment in many important Asian territories.

The investigation found that the spyware used in these attacks ties to an attacker group known as the Donot Team, previously connected to attacks in India and Pakistan among others. The 'Donot Team' is a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018. 

Amnesty explains how fake Android applications and spyware-loaded emails were used by Donot Team to target a prominent Togolese human rights defender in an attempt to put them under unlawful surveillance. This is the first time Donot Team spyware has been found in attacks outside of South Asia. “Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech

Amnesty notes that it's possible Innefu is not aware of how its customers or other third parties are using its tools,  however, an external audit could reveal everything now that full technical details have come to light. 

In a letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists. "At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them... In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities" - Innefu Labs.

By analysing the Android spyware sample, Amnesty's investigators found several similarities to two malware tools linked to past Donot Team operations. The threat actor's opsec mistake allowed the investigators to discover a "testing" server in the USA where the threat actors were storing screenshots and keylogging data from compromised Android phones. This is where Amnesty first saw the Innefu Labs IP address, otherwise the real source was hiding behind a VPN.

This is the first time that the Donot Team was spotted targeting entities in African countries, and it could be a clue that the group is offering 'hacker for hire' services to governments. 

The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organisations and is an essential voice for human rights in the country. Their devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese presidential election.

According to Amnesty, human rights violations, targeting activists and civil liberties advocates, and crippling political pluralism are common in Togo, and according to Amnesty’s report, things are getting worse.

Amnesty International:      Amnesty International:    CyberIntelMag:    The Record:    TechToSee:   

You Might Also Read:

Spyware Proliferates To 45 Countries:

 

« No-Code AI Can Speed Up Business
British National Cyber Force Campus »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

KLDiscovery

KLDiscovery

KLDiscovery is a global leader in delivering best-in-class eDiscovery, information governance and data recovery solutions.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.