Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Researchers Say Thai Pro-Democracy Activists Hit by Spyware

Cybersecurity researchers reported details Monday of cases where Thai activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.

Cybersecurity researchers reported details Monday of cases where Thai activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.

Investigators of the internet watchdog groups Citizen Lab, Thailand’s Internet Law Reform Dialogue, or iLaw, and Digital Reach said at least 30 individuals — including activists, scholars and people working with civil society groups — were targeted by an unnamed government entity or entities for surveillance with Pegasus, a spyware produced by the Israeli-based cybersecurity company NSO Group.

The reports from the two groups named many of those targeted, confirming earlier reports of the surveillance, which John Scott-Railton of Citizen Lab said shows that governments are exploiting their ability to buy technologies designed to fight crime and terrorism to spy on critics and other private citizens.

“Citizen Lab believes there is a fundamental challenge for civil society,” John Scott-Railton of Citizen Lab said in an online presentation at a briefing in Bangkok.

The attacks on the individuals’ devices spanned from Oct. 2020 to Nov. 2021, a timing “highly relevant to specific Thai political events” since they took place over the period of time when pro-democracy protests erupted across the country.

But Scott-Railton said Citizen Lab, which exposes digital espionage campaigns and insecure software, believed there was still an active Pegasus operator in Thailand.

Those whose devices were attacked were either involved in the protests in 2020-2021, or were publicly critical of the Thai monarchy. Lawyers who defended the activists also were under such digital surveillance, the researchers said.

The Pegasus spyware is known for “zero-click exploits,” which means it can be installed remotely onto a target’s phone without the target having to click any links or download software.

Advertisement. Scroll to continue reading.

The spyware can obtain any data on the devices, including contact lists and group chats, making it highly effective against political groups and movements, Scott-Railton said.

NSO Group’s products, including the Pegasus software, are typically licensed only to government intelligence and law enforcement agencies to investigate terrorism and serious crime, according to the company’s website. Citizen Lab and other cyber security researchers have tracked the spyware to 45 countries.

In a separate report Monday, the human rights group Amnesty International reiterated its call for a global moratorium on the sale of spyware.

“The unlawful targeted surveillance of human rights defenders and civil society is a tool of repression. It is time to clamp down on this industry that continues to operate in the shadows,” Amnesty Tech’s deputy director Danna Ingleton said in a statement.

The company has rejected accusations that its snooping software helped lead to the killing of Saudi journalist Jamal Khashoggi, perhaps the highest-profile case so far. It maintains that its sales undergo a rigorous ethical vetting process and that Pegasus spyware is sold to governments only for security purposes.

In November, the U.S. government blacklisted NSO Group and Apple sued it and notified Pegasus victims. Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app.

The reports by Citizen Lab and iLaw do not accuse any specific government actor but say the use of Pegasus indicates the presence of a government operator. When news that dissidents had been targeted first surfaced in November 2021, the government denied the allegations.

Apple said it sought a permanent injunction to ban NSO Group from using any Apple software, services or devices to “to prevent further abuse and harm to its users.”

Apple’s notifications to customers of spyware infections are a crucial part of a defense strategy against such digital surveillance, Scott-Railton said.

“Apple did something remarkable by notifying the recipients of this suspected targeting. If you look at the infection online, it stopped after Apple’s notification,” he said. “It was a very consequential thing.”

The cybersecurity experts said that turning off and restarting a device can break the spyware’s digital connection. Security updates also have helped to close the loopholes such attackers exploit.

“Layering up defenses on devices is very important,” Scott-Railton said. “Anything is better than nothing.”

But the spyware is constantly being updated and it is designed to be difficult to spot, facilitating surveillance by governments that have found it a useful tool for suppressing dissent.

Thailand’s student-led pro-democracy movement ramped up activities in 2020, largely in reaction to the continuing influence of the military in government and hyper-royalist sentiment.

The movement was able to attract crowds of as many as 20,000-30,000 people in Bangkok in 2020 and had followings in major cities and universities.

“There is longstanding evidence showing Pegasus presence in Thailand, indicating that the government would likely have had access to Pegasus during the period in question,” researchers said in the report. The over 30 individuals targeted were also “of intense interest to the Thai government.”

The army in 2014 overthrew an elected government, and Prayuth Chan-ocha, the coup leader, was named prime minister after a 2019 general election put in power a military-backed political party. Protesters have campaigned for Prayuth and his government to step down and demanded reforms to make the monarchy more accountable and to amend the constitution to make it more democratic.

Related: Report: L3 Emerges as Suitor for Embattled NSO Group

Related: Spanish Judge to Seek Testimony From NSO on Pegasus Spyware

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...