Multiple cyberattacks on Syrian activists linked to same party

In the ongoing Syrian uprising, regime supporters have targeted opposition activists with increasingly sophisticated malware for remote surveillance and data exfiltration. Since February 2012, when CNN first reported on the cyberespionage campaign being waged against the opposition, surveillance software has been observed masquerading as revolutionary documents, Skype encryption tools, and videos.

Last week, Citizen Lab concluded that a single set of loyalist actors has likely been responsible for two separate anti-activist attacks: a YouTube spoof attack observed in March and a Skype-distributed file observed in June. Besides sharing similar structural conventions, the two programs received orders from and communicated with the same Syrian IP address, one registered to the government-owned Syrian Telecommunications Establishment.

Read Citizen Lab's report here, released in conjunction with a report from EFF.