According to Citizen Lab, some governments are using Sandvine network gear installed at internet service providers to deliver spyware and cryptocurrency miners.
Researchers at human rights research group Citizen Lab have discovered that netizens in Turkey, Egypt and Syria who attempted to download legitimate Windows applications from official vendor websites (i.e. Avast Antivirus, CCleaner, Opera, and 7-Zip) were infected with nation-state malware.
According to the organization, local governments, with the help of internet service providers, used deep-packet inspection boxes to hijack the traffic.
“This report describes how we used Internet scanning to uncover the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices (i.e. middleboxes) for malicious or dubious ends, likely by nation-states or ISPs in two countries,” states the report published by Citizen Lab.
Citizen Lab started this investigation in September after researchers at ESET uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy.
FinFisher infected victims in seven countries, and experts believe that in two of them the major internet providers were involved.
The Citizen Lab researchers found Sandvine PacketLogic devices being used on the networks of Türk Telekom and Telecom Egypt to distribute malware designed for varying purposes, ranging from surveillance to cryptocurrency mining.