Presentation information

Hackers-for-hire in West Africa: a threat actor spreads its wings

Donncha Ó Cearbhaill (Amnesty International)
live only
17:00 UTC on Day 1
WEDNESDAY 30 SEPTEMBER
How are activists targeted for surveillance in 2021? Top-tier cyber surveillance vendors selling 0-days are a major problem. However, many under-resourced activists are still at risk from a less-sophisticated tier of persistent attackers.

In this talk we will share a case study of one such attack campaign targeting activists in West Africa. We will describe the attacks and document the custom malware tools and techniques they are using to gain access to their targets.

Our investigation has allowed us to attribute this new malware campaign to a known APT group that has traditionally been active in Asia. We will show how a series of OPSEC failures allowed us to link this APT group campaign back to a commercial cybersecurity company in Asia. We believe this company is the hacker-for-hire group responsible for these attacks.
Donncha Ó Cearbhaill
Amnesty International Donncha is a researcher and technologist at Amnesty International. Based out of Amnesty's Digital Security Lab in Berlin, his primary focus is on investigating and exposing targeted surveillance against activists and human rights defenders. Before joining Amnesty he worked on Deflect.ca, a free DDoS mitigation solution for civil society and independent media organisations.
arrow left Back

Hackers-for-hire in West Africa: a threat actor spreads its wings

17:00 - 17:30 UTC Thu 7 Oct 2021
Donncha Ó Cearbhaill (Amnesty International)
How are activists targeted for surveillance in 2021? Top-tier cyber surveillance vendors selling 0-days are a major problem. However, many under-resourced activists are still at risk from a less-sophisticated tier of persistent attackers.

In this talk we will share a case study of one such attack campaign targeting activists in West Africa. We will describe the attacks and document the custom malware tools and techniques they are using to gain access to their targets.

Our investigation has allowed us to attribute this new malware campaign to a known APT group that has traditionally been active in Asia. We will show how a series of OPSEC failures allowed us to link this APT group campaign back to a commercial cybersecurity company in Asia. We believe this company is the hacker-for-hire group responsible for these attacks.
Donncha Ó Cearbhaill
Amnesty International Donncha is a researcher and technologist at Amnesty International. Based out of Amnesty's Digital Security Lab in Berlin, his primary focus is on investigating and exposing targeted surveillance against activists and human rights defenders. Before joining Amnesty he worked on Deflect.ca, a free DDoS mitigation solution for civil society and independent media organisations.