Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Report: Mexico Continued to Use Spyware Against Activists

The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.

The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.

Press freedom groups said Monday they found evidence of recent attempts to use the Israeli spyware program Pegasus against activists investigating human rights abuses by the Mexican army. The Pegasus infection was confirmed through a forensic investigation by the University of Toronto group Citizen Lab.

According to a report by the press freedom group Article 19, The Network for the Defense of Digital Rights and Mexican media organizations, the targets included rights activist Raymundo Ramos.

Ramos has worked for years documenting military and police abuses, including multiple killings, in the drug cartel-dominated border city of Nuevo Laredo. Ramos’ cellphone was apparently infected with Pesgasus spyware in 2020.

“They do not like us documenting these types of cases, for them to be made public and have criminal complaints filed,” Ramos said.

The other victims included journalist and author Ricardo Raphael in 2019 and 2020, and an unnamed journalist for the online media outlet Animal Politico.

Daniel Moreno, the director of Animal Politico, said “if the president didn’t know, that is very serious because it means the army engaged in spying without his consent. If the president did know, that is also very serious.”

Advertisement. Scroll to continue reading.

López Obrador took office in December 2018 pledging to end government spying. The president said he himself had been the victim of government surveillance for decades as an opposition leader.

“We are not involved in that,” Lopez Obrador said in 2019, in response to questions about the use of Pegasus. “Here we have decided not to go after anybody. Before, when we were in the opposition, we were spied on.”

The report Monday alleged the Mexican army has requested price quotes for surveillance programs from companies connected to the distribution of Pegasus, which the company says is sold only to governments.

The report said the hacker group Guacamaya found army documents listing requests for price quotes from 2020, 2021 and 2022.

The victims of the spyware attacks said they assumed the military was responsible, because of the nature of their work and the timing of the espionage.

Leopoldo Maldonado, the director of Article 19, said, “All of this indicates two possible scenarios: the first, that the president lied to the people of Mexico. The second is that the armed forces are spying behind the president’s back, disobeying the orders of their commander in chief.”

Contacted for comment, a spokesman for Mexico’s Defense Department said it had no immediate comment on the allegations.

In 2021, a Mexican businessman was arrested on charges he used the Pegasus spyware to spy on a journalist, but the Israeli spyware firm NSO Group distanced itself from that man. The businessman has long been described in Mexico as an employee of a firm that acted as an intermediary in the spyware purchases.

López Obrador’s top security official has said that two previous administrations spent $61 million to buy Pegasus spyware.

The NSO Group has been implicated in government surveillance of opponents and journalists around the world. The company said “NSO’s technologies are only sold to vetted and approved government entities.”

Mexico had the largest list — about 15,000 phone numbers — among more than 50,000 reportedly selected by NSO clients for potential surveillance.

López Obrador has relied more on the military and given it more responsibilities — from building infrastructure projects to overseeing seaports and airports — than any of his predecessors.

That has raised concerns that the Mexican army — which has traditionally stayed out of politics — may be turning into a force unto itself, with little oversight or transparency.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.