ESET has collected evidence of Hacking Team activity after the 2015 hack; the company published an interesting analysis based on post-hack samples found in the wild.
Security researchers at ESET have spotted previously unreported samples of Remote Control System (RCS), the surveillance software developed by the Italian company Hacking Team, in fourteen countries.
The malware researchers who analyzed the samples believe that Hacking Team's developers are continuing to develop the surveillance malware.
Since 2003, Hacking Team has gained notoriety for selling surveillance tools to governments and intelligence agencies, but human rights research groups have criticized its alleged sales to authoritarian regimes.
Remote Control System (RCS) is sophisticated spyware that turns a compromised device into a surveillance tool: it can activate the webcam and microphone, extract data from the targeted device, and intercept emails and instant messaging.
The company made the headlines in July 2015 when it suffered a major security breach and attackers exfiltrated 400GB of internal data, including the spyware's source code.
After the hack, Hacking Team was forced to ask its customers to suspend all operations and stop using the spyware.
“The first reports suggesting Hacking Team’s resumed operations came six months later – a new sample of Hacking Team’s Mac spyware was apparently in the wild,” states the analysis published by ESET.
“A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team’s shareholder structure, with Tablem Limited taking 20% of Hacking Team’s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.”
The experts started their investigation after researchers from the Citizen Lab provided them with information that led to the discovery of a version of the RCS software signed with a previously unseen, valid digital certificate.
The researchers uncovered many samples of Hacking Team spyware created after the 2015 data breach; their code implements several changes compared to the variants released before the source code leak.
...