Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware

Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported

A leading Egyptian opposition politician was targeted with spyware after announcing a presidential bid, security researchers reported Friday. They said Egyptian authorities were likely behind the attempted hack.

Discovery of the attempt last week by researchers at Citizen Lab and Google’s Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities.

Citizen Lab said in a blog post that recent attempts to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his connection to the Vodaphone Egypt mobile network to automatically infect his devices with the Predator spyware if he visited certain websites not using the secure HTTPS protocol.

Bill Marczak, the researcher involved at the University of Toronto-based internet watchdog, declined to provide more detail on how he and Google researcher Maddie Stone discovered the spyware exploit chain, which he said was sent to Altantawy’s phone via SMS and WhatsApp links from Egyptian soil.

Once infected, the Predator spyware turns a smartphone into a remote eavesdropping device and lets the attacker siphon off data.

“It’s scary the fact that the government can essentially select anyone on Vodafone Egypt’s network and perhaps other networks for infections and they just flip a switch” and select them for targeting, he said. Marczak said “the most likely scenario here is that, yes, there is this cooperation from from Vodafone.”

Altantawy did not immediately respond to a request for comment on being targeted by the alleged spyware, nor did Egyptian officials.

Citizen Lab had previously identified Egypt as a customer of Predator’s maker, Cytrox, and determined that Altantawy’s phone was successfully hacked with it in 2021 in a separate incident.

Advertisement. Scroll to continue reading.

Citizen Lab also previously documented Predator infections affecting two exiled Egyptians, and in a joint probe with Facebook determined that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

Altantawy, a former journalist and lawmaker, announced in March his bid to challenge incumbent President Abdel Fatah el-Sissi in 2024, who has overseen a sharp crackdown on political opposition. Rights groups accuse el-Sissi’s administration of targeting dissent with brutal tactics — forced disappearances, torture and long-term detentions without trial.

Altantawy, family members and supporters have complained of being harrassed, which led him to ask Citizen Lab researchers to analyze his phone for potential spyware infection.

“We didn’t see any evidence of a successful hack, but we did note that he had (the phone) in lockdown mode,” said Marczak.

Apple offers lockdown mode for iPhone users at high risk of being targeted with spyware, who include human rights activists, journalists and opposition politicians in countries like Egypt.

In July, the U.S. added Predator’s maker, Cytrox, to its blacklist for developing surveillance tools deemed to have threatened U.S. national security as well as individuals and organizations worldwide. That makes it illegal for U.S. companies to do business with them. Israel NSO Group, maker of the Pegasus spyware, was similarly sanctions in November 2021. The reported use of Predator in Greece helped precipitate the resignation last year of two top government officials, including the national intelligence director.

The latest discovery brings to five the number of zero-day vulnerabilities to Apple software for which patches have been released this month.

Related: US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa

Related: Spyware Firm Offering iOS, Android Hacking Services for $8 Million

Related: European Lawmaker Targeted With Cytrox Predator Surveillance Spyware

Related: Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware

Related: Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...