6 research outputs found

    Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

    Very special thanks to Citizen Lab colleagues including Ron Deibert, Claudio Guarnieri, Sarah McKune, Ned Moran, Masashi Crete-Nishihata, Irene Poetranto, Adam Senft, and Amitpal Singh. Citizen Lab also thanks T. Nebula, unnamed security researchers, TNG, and Internews. This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests

    Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community

    This report describes an inexpensive and technically simple phishing operation. It shows that the continued low adoption rates for digital security features, such as two factor authentication, contribute to the low bar to entry for digital espionage

    It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community

    Special thanks to Tibet Action Institute. Additional thanks to Jakub Dalek, PassiveTotal, VirusTotal, and TNG. In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection

    Burned After Reading: Endless Mayfly’s Ephemeral Disinformation Campaign

    Special thanks to MrObvious, Bahr Abdul, Alexei Abrahams, Siena Anstis, Masashi Crete-Nishihata, Alok Umesh Herath, Adam Senft, and Mari Zhou. Endless Mayfly is an Iran-aligned network of inauthentic websites and online personas used to spread false and divisive information primarily targeting Saudi Arabia, the United States, and Israel. Using this network as an illustration, this report highlights the challenges of investigating and addressing disinformation from research and policy perspectives

    Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces

    Investigation of a malware campaign targeting the Tibetan community and discussion of the challenges in analyzing closed espionage ecosystems

    Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits

    This report is a collaboration with the Tibetan Computer Emergency Readiness Team (TibCERT). Special thanks to the TNG & Tommy. This campaign is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community