An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed “Hermit.”

Hermit is an advanced, modular program developed by RCS Lab, a notorious Italian company that specializes in digital surveillance. It has the power to do all kinds of spying on a target’s phone – not just collect data, but also record and make calls.

The timing of this spying operation holds extra significance. In the first week of 2022, anti-government protests were met with violent crackdowns across Kazakhstan. 227 people died in all, and nearly 10,000 were arrested. Four months later, researchers discovered the latest samples of Hermit making the rounds.

The Intrusion

How do you get a target to download their own spyware? In this campaign, the perpetrators use OPPO (Guangdong Oppo Mobile Telecommunications Corp., Ltd), a Chinese mobile and electronics manufacturer, as their ploy to earn trust among targets.

According to researchers, agents working on behalf of the government send SMS messages purporting to come from OPPO, carrying what is actually a maliciously hijacked link to the company’s official Kazakh-language support page: http[://]oppo-kz[.]custhelp[.]com. (At the time of the report’s publication, that support page had gone offline.) In some instances, the attackers also impersonate Samsung and Vivo,…
Kazakh Govt. Used Spyware Against Protesters (govanguard, 2022-06-21 08:48:00)