The Egyptian region must raise their alarm and sensitivity on Cybercrime attacks on all fronts as cybersecurity experts that advocate of Human Rights recently discovered spyware that has been used targeting activists and human rights defenders (HRD) in Egypt. Amnesty International is a well-known advocate that assists in securing the safety and awareness of many of its allies worldwide in fighting hackers‘ penetration onto their intel. While on monitoring the activity of ‘NilePhish‘ that targets Egyptian NGOs, they could trace another spyware named – FinSpy.
The spyware is developed by experts in Germany by the company FinFisher Gmbh. Commercial spyware sold exclusively to known government organizations to be used in ethical espionage as a tool of law enforcement in performing their legal operation. However, Amnesty International unearthed that this has also been used to spy on their coadjutor. The group is already on its traced for the unknown adversary but highly suspects that these are government–backed groups as their initial investigation concludes that victims are all prominent activists and HRDs in Egypt.
FinSpy enters the victim‘s devices through the usual penetration of email phishing or compromised website redirection.
Once the spyware enters the system, it will self-extract and then send a signal to an unknown server to contact the threat actor. The connection has been established and ready for remote command and control from the hacker. Ingeniously designed, the application also has a built-in self-destruct capability if it was intercepted and run on sandboxes to be scrutinized for the adversary to stay unknown.
The lethal capability of FinSpy can infect most of the devices as long as it runs Windows, iOS and Android systems. Pretty much from computers to handheld devices such as phones and tablets as the program is equipped to either perform root access or jailbreak capability to the targeted device. With the hackers’ perusal, they can turn compromised devices to capture video and voice recordings without the victim‘s knowledge that these features have been turned on remotely. Aside from these, attackers can record keystrokes, call wiretapping, and data exfiltration, including messages, photos, contact lists, and internet activities.
Amnesty International submitted the report to serve as an awareness of other co-advocates, including a documentation checklist to confirm if the device they are using has been compromised. This is essential news within their community. Other research groups can verify with its report last year that FinSpy has been used to espionage on other countries despite its exclusivity contract.