Multiple cyberattacks on Syrian activists linked to same party

In the ongoing Syrian uprising, regime supporters have targeted opposition activists with increasingly sophisticated malware for remote surveillance and data exfiltration. Since February 2012, when CNN first reported on the cyberespionage campaign being waged against the opposition, surveillance software has been observed masquerading as revolutionary documents, Skype encryption tools, and videos.

Last week, Citizen Lab concluded that a single set of loyalist actors has likely been responsible for two separate anti-activist attacks, a YouTube spoof attack observed in March and a Skype-distributed file observed in June. Besides sharing similar structural conventions, the two programs were receiving orders from and communicating with the same Syrian IP address, one registered to the government-owned Syrian Telecommunications Establishment.

Read Citizen Lab's report here, released in conjunction with a report from EFF.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Use [fn]...[/fn] (or <fn>...</fn>) to insert automatically numbered footnotes.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <sup> <h1> <h2> <h3>
  • Lines and paragraphs break automatically.

More information about formatting options

This question helps to reduce spam on the site. If you need new words, click the double-arrow icon on the form. If you need spoken word, click the speaker.