A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists.
The investigation comes from Amnesty International's team, who confirmed a case of espionage against a Togolese activist and also observed signs of spyware deployment across several key Asian regions.
According to
Amnesty International, the Android spyware has been linked to Indian cybersecurity company Innefu Labs after an IP address belonging to the company was repeatedly used for the distribution of the spyware payload.
However, the actual deployment could be the work of the 'Donot Team' (APT-C-35), a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018.
Amnesty notes that it's possible Innefu is not aware of how its customers or other third parties are using its tools. However, an external audit could reveal everything now that full technical details have come to light.
In a written letter to Amnesty International, Innefu Labs denies any involvement with the Donot Team and the targeting of activists.
"At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them.
In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities" - Innefu Labs.
BleepingComputer has contacted Innefu Labs multiple times since yesterday morning but did not receive a response.
