Egyptian Parliament Member Falls Prey To Cyber Spying
Citizen Lab Investigation Findings Revealed
A recent Citizen Lab investigation produced alarming findings: former Egyptian Member of Parliament Ahmed Eltantawy was the victim of a sophisticated cyber espionage campaign that leveraged Cytrox's Predator spyware.
The targeting of Eltantawy occurred between May and September 2023, shortly after he publicly announced his intention to run for President in the 2024 Egyptian elections.
Cytrox's Predator spyware was initially discovered targeting Android devices in May 2022. Citizen Lab also pointed out a connection between the spyware and the European spyware vendor Intellexa Alliance.
Intellexa had previously made headlines in November 2019 when Cypriot authorities seized a surveillance van belonging to the firm, equipped with hacking tools capable of intercepting and tracking smartphones.
The campaign against Eltantawy utilized various tactics, including SMS and WhatsApp messages containing malicious links.
Additionally, Eltantawy's mobile connection with Vodafone Egypt was persistently targeted via network injection. When Eltantawy visited non-HTTPS websites, a device within Vodafone Egypt's network automatically redirected him to a malicious website to infect his phone with Cytrox's Predator spyware.
Citizen Lab's investigation uncovered an iPhone zero-day exploit chain designed to install Predator on iOS versions through 16.6.1. They also obtained the first stage of the spyware, which shared notable similarities with a sample obtained in 2021.
Citizen Lab confidently identifies the spyware as Cytrox's Predator, citing its known association with the Egyptian government, which is a customer of the spyware. The network injection attack was also attributed with high confidence to the Egyptian government, as it originated from a device physically located within Egypt.
This case raises concerns about the lack of controls on the export of spyware technologies and underscores the importance of security updates and Lockdown Mode on Apple devices. It highlights the need for stricter regulations surrounding the export of spyware to prevent its misuse by governments or malicious actors.
The targeting of politicians and government critics with spyware is a serious violation of privacy and a threat to democracy. Individuals and organizations must remain vigilant about potential cyber threats and take necessary measures to protect their devices and data.
Eltantawy's case serves as a reminder of the evolving nature of cyber threats and the need for constant adaptation and improvement in cybersecurity measures.
The technology used by spyware vendors continues to advance, making it imperative for individuals and organizations to stay up to date with security patches and employ robust security measures to mitigate the risk of being targeted.
As investigations into this cyber-espionage campaign continue, it is hoped that the findings will lead to increased awareness, accountability, and action to prevent similar incidents in the future.