From Togo to India, on the trail of the Donot Team spyware group

In a report published on October 7, Amnesty International's computer security researchers explain that they identified two spyware tools sent to a human rights activist in Togo.

December 2019: A human rights activist living in Togo receives a series of strange messages on WhatsApp. His correspondent, writing to him in English from an Indian number, tries to get acquainted with him and asks him to install another messaging application to continue the conversation.

Wary, the activist contacts Amnesty International and passes the installation file on to the organization's IT experts. After analysis, the "messaging" application in question turns out to conceal the Stealjob spyware, which is able to siphon off, without the user's knowledge, a great deal of information such as geolocation or SMS, to capture WhatsApp messages in real time, and to record calls made through the phone.

Less than a month later, another suspicious message reaches the same activist, this time in his email inbox. A little more subtle, and written this time in French, the email urges him to download an attachment, which also contains spyware, this time for Windows: Yty. Yty, like Stealjob, is a relatively unusual piece of software, already linked in the past to a group called Donot Team, suspected of operating mainly to and from Southeast Asia.

Booby-trapped links and infected files

Amnesty International's computer security researchers were able to follow the trail left by the attackers who targeted this human rights activist in Togo. They discovered an infrastructure, partly poorly hidden, that was used to send booby-trapped links and infected files to hundreds of recipients. The IP addresses (Internet Protocol, the address of a machine on the network) of these targets were overwhelmingly located in Pakistan and Kashmir and, to a lesser extent, in India and Bangladesh, a distribution that matches the targeting by Donot Team already observed in the past.

The servers identified by Amnesty International's researchers are used by a private company, Innefu Labs, based in India. On its website, the company presents itself as a "research and development start-up" and lists among its customers the Indian army and the Border Security Force (BSF), the powerful police force responsible for monitoring and defending the country's borders with Pakistan and Bangladesh. The CVs and LinkedIn profiles of several of the company's employees seem to indicate that designing or improving spyware is part of their duties.
