On Monday, researchers at cybersecurity large Kaspersky revealed a report figuring out a brand new spyware and adware referred to as Dante that they are saying focused Home windows victims in Russia and neighboring Belarus. The researchers stated the Dante spyware and adware is made by Memento Labs, a Milan-based surveillance tech maker that was fashioned in 2019 after a brand new proprietor acquired and took over early spyware and adware maker Hacking Group.
Memento chief government Paolo Lezzi confirmed to information.killnetswitch that the spyware and adware caught by Kaspersky does certainly belong to Memento.
In a name, Lezzi blamed one of many firm’s authorities prospects for exposing Dante, saying the shopper used an outdated model of the Home windows spyware and adware that may now not be supported by Memento by the tip of this 12 months.
“Clearly they used an agent that was already useless,” Lezzi advised information.killnetswitch, referring to an “agent” because the technical phrase for the spyware and adware planted on the goal’s pc.
“I believed [the government customer] didn’t even use it anymore,” stated Lezzi.
Lezzi, who stated he was unsure which of the corporate’s prospects have been caught, added that Memento had already requested that every one of its prospects cease utilizing the Home windows malware. Lezzi stated the corporate had warned prospects that Kaspersky had detected Dante spyware and adware infections since December 2024. He added that Memento plans to ship a message to all its prospects on Wednesday asking them as soon as once more to cease utilizing its Home windows spyware and adware.
He additionally stated that Memento at the moment solely develops spyware and adware for cell platforms. The corporate additionally develops some zero-days — which means security flaws in software program unknown to the seller that can be utilized to ship spyware and adware — although, the corporate principally sources its exploits from outdoors builders, in line with Lezzi.
Contact Us
Do you might have extra details about Memento Labs? Or different spyware and adware makers? From a non-work gadget, you possibly can contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or through Telegram, Keybase and Wire @lorenzofb, or by e mail.
When reached by information.killnetswitch, Kaspersky spokesperson Mai Al Akka wouldn’t say which authorities Kaspersky believes is behind the espionage marketing campaign, however that it was “somebody who has been ready to make use of Dante software program.”
“The group stands out for its robust command of Russian and information of native nuances, traits that Kaspersky noticed in different campaigns linked to this [government-backed] risk. Nevertheless, occasional errors recommend that the attackers weren’t native audio system,” Al Akka advised information.killnetswitch.
In its new report, Kaspersky stated it discovered a hacking group utilizing the Dante spyware and adware that it refers to as “ForumTroll,” describing the concentrating on of individuals with invitations to Russian politics and economics discussion board Primakov Readings. Kaspersky stated the hackers focused a broad vary of industries in Russia, together with media shops, universities, and authorities organizations.
Kaspersky’s discovery of Dante got here after the Russian cybersecurity agency stated it detected a “wave” of cyberattacks with phishing hyperlinks that have been exploiting a zero-day within the Chrome browser. Lezzi stated that the Chrome zero-day was not developed by Memento.
In its report, Kaspersky researchers concluded that Memento “stored enhancing” the spyware and adware initially developed by Hacking Group till 2022, when the spyware and adware was “changed by Dante.”
Lezzi conceded that it’s doable that some “facets” or “behaviors” of Memento’s Home windows spyware and adware have been left over from spyware and adware developed by Hacking Group.
A telltale signal that the spyware and adware caught by Kaspersky belonged to Memento was that the builders allegedly left the phrase “DANTEMARKER” within the spyware and adware’s code, a transparent reference to the identify Dante, which Memento had beforehand and publicly disclosed at a surveillance tech convention, per Kaspersky.
Very similar to Memento’s Dante spyware and adware, some variations of Hacking Group’s spyware and adware, codenamed Distant Management System, have been named after historic Italian figures, resembling Leonardo Da Vinci and Galileo Galilei.
A historical past of hacks
In 2019, Lezzi bought Hacking Group and rebranded it to Memento Labs. In response to Lezzi, he paid just one euro for the corporate and the plan was to start out over.
“We need to change completely every thing,” the Memento proprietor advised Motherboard after the acquisition in 2019. “We’re ranging from scratch.”
A 12 months later, Hacking Group’s CEO and founder David Vincenzetti introduced that Hacking Group was “useless.”
When he acquired Hacking Group, Lezzi advised information.killnetswitch that the corporate solely had three authorities prospects remaining, a far cry from the greater than 40 authorities prospects that Hacking Group had in 2015. That very same 12 months, a hacktivist referred to as Phineas Fisher broke into the startup’s servers and siphoned off some 400 gigabytes of inner emails, contracts, paperwork, and the supply code for its spyware and adware.
Earlier than the hack, Hacking Group’s prospects in Ethiopia, Morocco, and the United Arab Emirates have been caught concentrating on journalists, critics, and dissidents utilizing the corporate’s spyware and adware. As soon as Phineas Fisher revealed the corporate’s inner information on-line, journalists revealed {that a} Mexican regional authorities used Hacking Group’s spyware and adware to focus on native politicians, and that Hacking Group had bought to international locations with human rights abuses, together with Bangladesh, Saudi Arabia, and Sudan, amongst others.
Lezzi declined to inform information.killnetswitch what number of prospects Memento at the moment has, however implied it was fewer than 100 prospects. He additionally stated that there are solely two present Memento workers left from Hacking Group’s former employees.
The invention of Memento’s spyware and adware exhibits that the sort of surveillance know-how retains proliferating, in line with John Scott-Railton, a senior researcher who has investigated spyware and adware abuses for a decade on the College of Toronto’s Citizen Lab. It additionally exhibits
Additionally {that a} controversial firm can die due to a spectacular hack and a number of other scandals, and but a brand new firm with model new spyware and adware can nonetheless come out of its ashes,
“It tells us that we have to sustain the worry of penalties,” Scott-Railton advised information.killnetswitch. “It says quite a bit that echoes of essentially the most radioactive, embarrassed and hacked model are nonetheless round.”
