Spyware made by a notorious vendor has been used to target critics of the Turkish government via Twitter, according to digital rights advocacy group Access Now.
Attackers used spyware from FinFisher to target protestors focused on the Turkish government in 2017, Access Now said in a report. Hackers allegedly used Twitter-linked malicious websites to install spyware on activists’ phones.
The perpetrators used a “benign-looking mobile application” as cover for the FinFisher spyware, which was part of “a broad social engineering attack” against opponents of Turkey’s ruling party, the report stated.
“The broad and aggressive use of [the spyware] to target individuals involved in the March for Justice movement in Turkey provides a rare window into the current deployment of FinFisher,” Access Now said. “It gives us new clues and patterns of behavior of how social media is used in conjunction with the malware…” the organization added.
There is evidence that surveillance campaigns in Indonesia, Ukraine, and Venezuela used the same malware, according to Access Now.
Authoritarian governments have provided steady demand for spyware products as autocrats look to bend digital societies to their will. FinFisher spyware was one of the surveillance tools used in a broad cyber espionage campaign in the Middle East, according to recent research from Citizen Lab.
CyberScoop asked FinFisher for comment and will update this story if any is received. A website in the vendor’s name boasts of “leading offensive IT intrusion solutions” and work with intelligence agencies and law enforcement to fight crime and terror.