Togo Activists, an African country located in the Gulf of Guinea, are being attacked by an Indian cybercriminal group called the Donot Team (active since 2018). Amnesty International, which revealed the case, discovered a relationship between the cybercriminal campaign and the cybersecurity company Innefu Labs, also Indian.
According to Amnesty International, cybercriminals seek to steal personal and sensitive data from members of a “prominent group of human rights defenders in Togo”, via fake Android apps and emails loaded with spyware, developed by the Donot Team.
In its report, Amnesty International revealed that an IP address found in Android spyware belongs to Indian cybersecurity company Innefu Labs.
The organization contacted Innefu Labs, which denied any involvement in the espionage attack against Tongole activists. It’s important to remember the cybercriminal group may be using the company’s technology without it knowing.
“Across the world, cyber mercenaries are profiting unscrupulously from the illegal surveillance of human rights defenders. Anyone can be a target — intruders who live hundreds of miles away can break into your phone or computer, watch where you go and who you talk to, and sell your private information to repressive and criminal governments,” said deputy director of Amnesty Tech , Danna Ingleton.
Spyware is distributed via email, fake apps and WhatsApp. “The attacks try to trick the victim into installing a malicious application masquerading as a secure chat application, which is actually a spyware for Android, designed to extract confidential and personal information stored on the victim’s smartphone“, writes the organization in a press release.
After infection, the spyware can access the victim’s camera and microphone, collect photos and files stored on the device, and read messages (even encrypted ones) from WhatsApp.
“I can’t believe my work can be so disruptive that they want to spy on me. i feel in danger“, said an activist from Togo, who preferred to remain anonymous, after realizing that his smartphone was being monitored by Indian cybercriminals.
In addition to the evidence described, additional evidence has also been found linking the Donot Team’s attacks on Innefu Labs to past attacks against India itself, Pakistan and Kashmir.
“Amnesty International’s investigation revealed a trail of technical evidence left by attackers who identified links between the attack infrastructure and India-based Innefu Labs. The company advertises digital security, data analytics and predictive policing services for the armed forces and police and claims to work with the Indian government and does not have a human rights policy. It also does not seem to carry out the due diligence on human rights — despite the enormous risks its products pose to civil society,” concluded Amnesty International.