\n<\/p>\n
On Monday, researchers at cybersecurity giant Kaspersky published a report<\/a> identifying a new spyware called Dante that they say targeted Windows victims in Russia and neighboring Belarus. The researchers said the Dante spyware is made by Memento Labs, a Milan-based surveillance tech maker that was formed in 2019 after a new owner acquired and took over<\/a> early spyware maker Hacking Team.<\/p>\n Memento chief executive Paolo Lezzi confirmed to TechCrunch that the spyware caught by\u00a0Kaspersky does indeed belong to Memento.<\/p>\n In a call, Lezzi blamed one of the company\u2019s government customers for exposing Dante, saying the customer used an outdated version of the Windows spyware that will no longer be supported by Memento by the end of this year.\u00a0<\/p>\n \u201cClearly they used an agent that was already dead,\u201d Lezzi told TechCrunch, referring to an \u201cagent\u201d as the technical word for the spyware<\/a> planted on the target\u2019s computer.<\/p>\n \u201cI thought [the government customer] didn\u2019t even use it anymore,\u201d said Lezzi.\u00a0<\/p>\n Lezzi, who said he was not sure which of the company\u2019s customers were caught, added that Memento had already requested that all of its customers stop using the Windows malware. Lezzi said the company had warned customers that Kaspersky had detected Dante spyware infections since December 2024. He added that Memento plans to send a message to all its customers on Wednesday asking them once again to stop using its Windows spyware.<\/p>\n He also said that Memento currently only develops spyware for mobile platforms. The company also develops some zero-days<\/a> \u2014 meaning security flaws in software unknown to the vendor that can be used to deliver spyware \u2014 though, the company mostly sources its exploits from outside developers, according to Lezzi.\u00a0<\/p>\n \t\t\tDo you have more information about Memento Labs? Or other spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email<\/a>.<\/a> \t\t<\/div>\n When reached by TechCrunch, Kaspersky spokesperson Mai Al Akka would not say which government Kaspersky believes is behind the espionage campaign, but that it was \u201csomeone who has been able to use Dante software.\u201d<\/p>\n \u201cThe group stands out for its strong command of Russian and knowledge of local nuances, traits that Kaspersky observed in other campaigns linked to this [government-backed] threat. However, occasional errors suggest that the attackers were not native speakers,\u201d Al Akka told TechCrunch.<\/p>\n In its new report, Kaspersky said it found a hacking group using the Dante spyware that it refers to as \u201cForumTroll,\u201d describing the targeting of people with invites to Russian politics and economics forum Primakov Readings<\/a>. Kaspersky said the hackers targeted a broad range of industries in Russia, including media outlets, universities, and government organizations.\u00a0<\/p>\n Kaspersky\u2019s discovery of Dante came after the Russian cybersecurity firm said it detected a \u201cwave\u201d of cyberattacks with phishing links that were exploiting a zero-day<\/a> in the Chrome browser. Lezzi said that the Chrome zero-day was not developed by Memento.\u00a0<\/p>\n In its report, Kaspersky researchers concluded that Memento \u201ckept improving\u201d the spyware originally developed by Hacking Team until 2022, when the spyware was \u201creplaced by Dante.\u201d\u00a0<\/p>\n Lezzi conceded that it is possible that some \u201caspects\u201d or \u201cbehaviors\u201d of Memento\u2019s Windows spyware were left over from spyware developed by Hacking Team.<\/p>\n A telltale sign that the spyware caught by Kaspersky belonged to Memento was that the developers allegedly left the word \u201cDANTEMARKER\u201d in the spyware\u2019s code, a clear reference to the name Dante, which Memento had previously and publicly disclosed at a surveillance tech conference, per Kaspersky.\u00a0<\/p>\n Much like Memento\u2019s Dante spyware, some versions of Hacking Team\u2019s spyware, codenamed Remote Control System, were named after historical Italian figures, such as Leonardo Da Vinci and Galileo Galilei.<\/p>\n In 2019, Lezzi purchased Hacking Team and rebranded it to Memento Labs. According to Lezzi, he paid only one euro for the company and the plan was to start over.\u00a0<\/p>\n \u201cWe want to change absolutely everything,\u201d the Memento owner told<\/a> Motherboard after the acquisition in 2019. \u201cWe\u2019re starting from scratch.\u201d<\/p>\n A year later, Hacking Team\u2019s CEO and founder David Vincenzetti announced that Hacking Team<\/a> was \u201cdead.\u201d<\/p>\n When he acquired Hacking Team, Lezzi told TechCrunch that the company only had three government customers remaining, a far cry from the more than 40 government customers that Hacking Team had in 2015. That same year, a hacktivist called Phineas Fisher broke into the startup\u2019s servers and siphoned off<\/a> some 400 gigabytes of internal emails, contracts, documents, and the source code for its spyware.<\/p>\n Before the hack, Hacking Team\u2019s customers in Ethiopia<\/a>, Morocco<\/a>, and the United Arab Emirates<\/a> were caught targeting journalists, critics, and dissidents using the company\u2019s spyware. Once Phineas Fisher published the company\u2019s internal data online, journalists revealed<\/a> that a Mexican regional government used Hacking Team\u2019s spyware to target local politicians, and that Hacking Team had sold to countries with human rights abuses, including Bangladesh, Saudi Arabia, and Sudan, among others.<\/p>\n Lezzi declined to tell TechCrunch how many customers Memento currently has, but implied it was fewer than 100 customers. He also said that there are only two current Memento employees left from Hacking Team\u2019s former staff.<\/p>\n The discovery of Memento\u2019s spyware shows that this type of surveillance technology keeps proliferating, according to John Scott-Railton, a senior researcher who has investigated spyware abuses for a decade at the University of Toronto\u2019s Citizen Lab. It also shows<\/p>\n Also that a controversial company can die because of a spectacular hack and several scandals, and yet a new company with brand new spyware can still come out of its ashes,\u00a0<\/p>\n \u201cIt tells us that we need to keep up the fear of consequences,\u201d Scott-Railton told TechCrunch. \u201cIt says a lot that echoes of the most radioactive, embarrassed and hacked brand are still around.\u201d<\/p>\n<\/div>\nContact Us<\/h4>\n
A history of hacks<\/strong><\/h2>\n