Egyptian Opposition Leader Targeted with Spyware After Presidential Bid: Security Researchers
Leading Egyptian opposition politician Ahmed Altantawy faced an attempted spyware attack after announcing his bid for the presidency, according to security researchers. The Citizen Lab and Google’s Threat Analysis Group discovered the attack last week and believe that Egyptian authorities were likely behind it.
Following the revelation, Apple promptly released operating system updates for iPhones, iPads, Mac computers, and Apple Watches to address the associated vulnerabilities. Researchers at Citizen Lab determined that Altantawy’s connection to the Vodafone Egypt mobile network had been configured to automatically infect his devices with the Predator spyware whenever he visited specific websites that did not use the secure HTTPS protocol.
Bill Marczak, a researcher from the University of Toronto-based internet watchdog, declined to disclose further details on how he and Google researcher Maddie Stone uncovered the spyware exploit chain. He did reveal that Altantawy received the spyware via SMS and WhatsApp links sent from within Egypt.
Upon infection, the Predator spyware transforms a smartphone into a remote eavesdropping device, enabling the attacker to access sensitive data. Marczak commented on the concerning possibility that the government could select anyone on Vodafone Egypt’s network for infection, stating that Vodafone’s cooperation was likely involved.
Neither Altantawy nor Egyptian officials have responded to requests for comment. Citizen Lab had previously identified Egypt as a customer of Cytrox, the manufacturer of Predator, and had confirmed a successful hack of Altantawy’s phone with the spyware in a separate incident in 2021.
Citizen Lab’s investigations have also revealed Predator infections aimed at other exiled Egyptians. In collaboration with Facebook, the organization determined that Cytrox had customers in countries such as Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.
Altantawy, a former journalist and lawmaker, announced his bid to challenge incumbent President Abdel Fatah el-Sissi in 2024. El-Sissi’s administration has been criticized by human rights groups for its suppression of political opposition, including forced disappearances, torture, and prolonged detentions without trial.
Altantawy, his family, and supporters have reported harassment, leading him to seek assistance from Citizen Lab in analyzing his phone for potential spyware infections. While the researchers did not find evidence of a successful hack, they noted that Altantawy had activated lockdown mode on his phone. Apple’s lockdown mode is designed for individuals at high risk of being targeted with spyware, such as human rights activists, journalists, and opposition politicians in countries like Egypt.
In July, the US blacklisted Cytrox for developing surveillance tools deemed to pose a threat to national security, making it illegal for US companies to do business with the company. Israel’s NSO Group, the creator of the Pegasus spyware, faced similar sanctions in November 2021. The reported use of Predator in Greece led to the resignation of two high-ranking government officials last year, including the national intelligence director.
This latest discovery brings the total number of zero-day vulnerabilities addressed by Apple software patches this month to five.