Egyptian Politician Targeted With Spyware

Security researchers found that Egyptian authorities made multiple attempts to target Ahmed Altantawy with spyware after he announced his presidential bid. The spyware included malicious links in text messages and network injection. The Predator spyware, once installed, turns the smartphone into a remote eavesdropping device, allowing the attacker to siphon off data. It was also discovered that Egypt is a known customer of Predator's maker, Cytrox, and the spyware was delivered via network injection from Egyptian soil, leading the researchers to attribute the attacks to the Egyptian government. Additionally, it was found that Altantawy's phone was successfully hacked with Predator in a separate incident in 2021.

The discovery prompted Apple to release operating system updates for its devices to patch the associated vulnerabilities. It was also found that Altantawy had his phone in "lockdown mode," which likely prevented successful infections, and that telecommunications companies operating in Egypt might be complicit in the attacks. The University of Toronto-based internet watchdog, along with Google researchers, obtained the exploit chain used in the attacks and expressed concern over the government's ability to select individuals on certain networks for infections.

Altantawy, who has been vocal in opposition to the current Egyptian president, Abdel Fatah el-Sissi, sought assistance from Citizen Lab researchers after receiving suspicious and anonymous messages. He believes the hacking attempts were linked to his political candidacy and opposition role in the country against the Sisi regime, with the aim of surveilling and potentially discrediting or defaming him. The incident also raises questions about the involvement of telecommunications companies in Egypt and their potential complicity in such attacks.

It was also reported that the spyware maker, Cytrox, had customers in various countries, prompting the U.S. to add the company to its blacklist for developing surveillance tools deemed to have threatened national security. The latest discovery of the spyware targeting Altantawy has led to the release of patches for five zero-day vulnerabilities in Apple software this month.