Indian Cyber Security Firm Linked To Spyware

Amnesty International has published a report about Innefu Labs, an Indian cyber security firm that has links to an Android spyware program used to target well-known activists. Amnesty’s team conducted the study after discovering evidence of espionage against a Togolese activist and indicators of spyware deployment in many important Asian territories.

The investigation found that the spyware used in these attacks is tied to an attacker group known as the Donot Team, previously connected to attacks in India and Pakistan, among others. The 'Donot Team' is a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018.

Amnesty explains how fake Android applications and spyware-loaded emails were used by Donot Team to target a prominent Togolese human rights defender in an attempt to put them under unlawful surveillance. This is the first time Donot Team spyware has been found in attacks outside of South Asia. “Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.

Amnesty notes that it's possible Innefu is not aware of how its customers or other third parties are using its tools; however, an external audit could reveal everything now that full technical details have come to light.

In a letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists. "At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them... In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities" - Innefu Labs.

By analysing the Android spyware sample, Amnesty's investigators found several similarities to two malware tools linked to past Donot Team operations. An opsec mistake by the threat actors allowed the investigators to discover a "testing" server in the USA where the threat actors were storing screenshots and keylogging data from compromised Android phones. This is where Amnesty first saw the Innefu Labs IP address; otherwise, the real source was hidden behind a VPN.

This is the first time that the Donot Team was spotted targeting entities in African countries, and it could be a clue that the group is offering 'hacker for hire' services to governments. 

The Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil society organisations and is an essential voice for human rights in the country. Their devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese presidential election.

According to Amnesty’s report, human rights violations, the targeting of activists and civil liberties advocates, and the crippling of political pluralism are common in Togo, and things are getting worse.

Sources: Amnesty International, CyberIntelMag, The Record, TechToSee
