On Monday, researchers at cybersecurity giant Kaspersky published a report identifying a new spyware called Dante that they say targeted Windows victims in Russia and neighboring Belarus. The researchers said the Dante spyware is made by Memento Labs, a Milan-based surveillance tech maker that was formed in 2019 after a new owner acquired and took over early spyware maker Hacking Team.
Memento chief executive Paolo Lezzi confirmed to TechCrunch that the spyware caught by Kaspersky does indeed belong to Memento.
In a call, Lezzi blamed one of the company’s government customers for exposing Dante, saying the customer used an outdated version of the Windows spyware that will no longer be supported by Memento by the end of this year.
“Clearly they used an agent that was already dead,” Lezzi told TechCrunch, referring to an “agent” as the technical word for the spyware planted on the target’s computer.
“I thought [the government customer] didn’t even use it anymore,” said Lezzi.
Lezzi, who said he was not sure which of the company’s customers were caught, added that Memento had already requested that all of its customers stop using the Windows malware. Lezzi said the company had warned customers that Kaspersky had detected Dante spyware infections since December 2024. He added that Memento plans to send a message to all its customers on Wednesday asking them once again to stop using its Windows spyware.
He also said that Memento currently only develops spyware for mobile platforms. The company also develops some zero-days — meaning security flaws in software unknown to the vendor that can be used to deliver spyware — though the company mostly sources its exploits from outside developers, according to Lezzi.
Contact Us
Do you have more information about Memento Labs? Or other spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
When reached by TechCrunch, Kaspersky spokesperson Mai Al Akka would not say which government Kaspersky believes is behind the espionage campaign, but that it was “someone who has been able to use Dante software.”
“The group stands out for its strong command of Russian and knowledge of local nuances, traits that Kaspersky observed in other campaigns linked to this [government-backed] threat. However, occasional errors suggest that the attackers were not native speakers,” Al Akka told TechCrunch.
In its new report, Kaspersky said it found a hacking group using the Dante spyware that it refers to as “ForumTroll,” describing the targeting of people with invites to Russian politics and economics forum Primakov Readings. Kaspersky said the hackers targeted a wide range of industries in Russia, including media outlets, universities, and government organizations.
Kaspersky’s discovery of Dante came after the Russian cybersecurity firm said it detected a “wave” of cyberattacks with phishing links that were exploiting a zero-day in the Chrome browser. Lezzi said that the Chrome zero-day was not developed by Memento.
In its report, Kaspersky researchers concluded that Memento “kept improving” the spyware originally developed by Hacking Team until 2022, when the spyware was “replaced by Dante.”
Lezzi conceded that it is possible that some “aspects” or “behaviors” of Memento’s Windows spyware were left over from spyware developed by Hacking Team.
A telltale sign that the spyware caught by Kaspersky belonged to Memento was that the developers allegedly left the word “DANTEMARKER” in the spyware’s code, a clear reference to the name Dante, which Memento had previously and publicly disclosed at a surveillance tech conference, per Kaspersky.
Much like Memento’s Dante spyware, some versions of Hacking Team’s spyware, codenamed Remote Control System, were named after historical Italian figures, such as Leonardo Da Vinci and Galileo Galilei.
A history of hacks
In 2019, Lezzi purchased Hacking Team and rebranded it to Memento Labs. According to Lezzi, he paid only 1 euro for the company and the plan was to start over.
“We want to change absolutely everything,” the Memento owner told Motherboard after the acquisition in 2019. “We’re starting from scratch.”
A year later, Hacking Team’s CEO and founder David Vincenzetti announced that Hacking Team was “dead.”
When he acquired Hacking Team, Lezzi told TechCrunch that the company only had 3 government customers remaining, a far cry from the more than 40 government customers that Hacking Team had in 2015. That same year, a hacktivist called Phineas Fisher broke into the startup’s servers and siphoned off some 400 gigabytes of internal emails, contracts, documents, and the source code for its spyware.
Before the hack, Hacking Team’s customers in Ethiopia, Morocco, and the United Arab Emirates were caught targeting journalists, critics, and dissidents using the company’s spyware. Once Phineas Fisher published the company’s internal data online, journalists revealed that a Mexican regional government used Hacking Team’s spyware to target local politicians, and that Hacking Team had sold to countries with human rights abuses, including Bangladesh, Saudi Arabia, and Sudan, among others.
Lezzi declined to tell TechCrunch how many customers Memento currently has, but implied it was fewer than 100 customers. He also said that there are only 2 current Memento employees left from Hacking Team’s former staff.
The discovery of Memento’s spyware shows that this type of surveillance technology keeps proliferating, according to John Scott-Railton, a senior researcher who has investigated spyware abuses for a decade at the University of Toronto’s Citizen Lab. It also shows that a controversial company can die because of a spectacular hack and several scandals, and yet a new company with brand new spyware can still come out of its ashes.
“It tells us that we need to keep up the fear of consequences,” Scott-Railton told TechCrunch. “It says a lot that echoes of the most radioactive, embarrassed and hacked brand are still around.”