According to a new report from Citizen Lab, the Turkish telecommunications network used Sandvine PacketLogic devices to redirect hundreds of targeted users (reporters, lawyers and human rights defenders) to malicious versions of legitimate programs bundled with FinFisher and StrongPity spyware when they tried to download them from official sources.
“This redirection is possible because the official websites of these programs, although they may support HTTPS, point users to non-HTTPS downloads by default,” the report says.
Similar activity was also discovered in Syria, where Internet users were quietly redirected to malicious versions of popular applications, including Avast Antivirus, CCleaner, Opera, and 7-Zip, bundled with government spyware.
In Turkey, Sandvine PacketLogic equipment was used to block websites like Wikipedia, the Netherlands Broadcasting Foundation (NOS) and the PKK website.
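The report's point about sites that support HTTPS but link to non-HTTPS downloads by default can be checked from the defender's side. The following Python code is an added example, not taken from the report or the original post: it audits a download page's HTML for installer links that would be fetched in cleartext. The host names, the sample page and the extension list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File extensions treated as installers/archives (assumption for this example).
DOWNLOAD_EXTS = (".exe", ".msi", ".dmg", ".zip", ".7z", ".apk")

class _LinkCollector(HTMLParser):
    """Collects href values of <a> tags and honours the first <base href>."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.base = None

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "base" and href and self.base is None:
            self.base = href
        elif tag == "a" and href:
            self.hrefs.append(href)

def cleartext_downloads(page_url, html):
    """Return absolute download URLs that a browser would fetch over plain HTTP."""
    collector = _LinkCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base or "")
    flagged = []
    for href in collector.hrefs:
        # Resolve relative and protocol-relative links the way a browser would.
        target = urlsplit(urljoin(base, href.strip()))
        if target.scheme == "http" and target.path.lower().endswith(DOWNLOAD_EXTS):
            flagged.append(target.geturl())
    return flagged

# Constructed sample page: an HTTPS site whose default download link is HTTP.
SAMPLE_HTML = """
<html><body>
<a href="/docs/manual.html">Manual</a>
<a href="http://downloads.example.com/tool-setup.exe">Download (default)</a>
<a href="https://downloads.example.com/tool-setup.exe">Download over HTTPS</a>
<a href="//cdn.example.com/tool-portable.zip">Portable build</a>
<a href="files/tool.msi">MSI</a>
</body></html>
"""

if __name__ == "__main__":
    for url in cleartext_downloads("https://www.example.com/download/", SAMPLE_HTML):
        print("cleartext download:", url)
```

Links that serve files through a query string rather than a file name are outside what this check covers.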
ISP Injects Cryptocurrency Mining Script into Users’ Web Browsers
Sandvine – PacketLogic Devices
However, in Egypt, Sandvine PacketLogic equipment is being used by telecom operators to make money by:
Secretly injecting a cryptocurrency mining script into every HTTP page the user visits, in order to mine the Monero cryptocurrency.
Redirecting Egyptian users to web pages with affiliate ads.
In Egypt, these devices were also used to block access to human rights, political and news media such as Al Jazeera, HuffPost Arabic, Reporters Without Borders and Mada Masr, and non-governmental organizations such as Human Rights Watch.
Citizen Lab researchers reported their findings to Sandvine, but the company called their reports “false, misleading, and wrong” and asked them to return the second-hand PacketLogic devices they used to confirm their fingerprints.
In September last year, ESET researchers released a report showing that downloads of several popular apps had reportedly been compromised at the ISP level in two (unnamed) countries to distribute FinFisher spyware. Citizen Lab started its investigation that same month.
Governments in Turkey and Syria have been caught hijacking local internet users’ connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users’ web traffic in Egypt. Governments, or agencies linked to them, and ISPs in the three countries are using Deep Packet Inspection…