Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
On Monday, researchers at cybersecurity giant Kaspersky published a report detecting a new piece of spyware called Dante that they say targets Windows victims in Russia and neighboring Belarus. The researchers said the Dante spyware was developed by Memento Labs, a Milan-based surveillance technology maker that was formed in 2019. A new owner acquired and occupied The primary spyware maker is Hacking Team.
Memento CEO Paolo Lezzi confirmed to TechCrunch that the spyware caught by Kaspersky does indeed belong to Memento.
In a call, Lazy blamed one of the company’s government customers for exposing Dante, saying the customer used an older version of Windows spyware that will no longer be supported by Memento by the end of this year.
“Obviously they used an agent that was already dead,” Lazy told TechCrunch, referring to the technical term for “agent”. Spyware installed on the target’s computer.
“I thought [the government customer] Didn’t even use it anymore,” Lazy said.
Lazy, who said he was not sure which of the company’s customers had been caught, added that Memento had already requested all of its customers stop using the Windows malware. Lazy said the company warned customers that Kaspersky had detected Dante spyware infections since December 2024. He added that Memento plans to send a message to all its customers on Wednesday asking them to stop using Windows spyware.
He also said that Memento currently only produces spyware for mobile platforms. The company also makes some improvements day zero — meaning security flaws in software unknown to the vendor that could be used to deliver spyware — although, according to Lazy, the company sources most of its exploits from outside developers.
Contact us
Do you have more information about Memento Labs? Or other spyware manufacturers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb. by email.
When reached by TechCrunch, Kaspersky spokesperson Mai Al Akka would not say who Kaspersky believed was behind the spying campaign, but that it was “someone who was able to use the Dante software.”
“The group stands out for its strong command of the Russian language and knowledge of local nuances, Kaspersky observed in other campaigns associated with it. [government-backed] However, occasional errors indicated that the attackers were not native speakers,” Al Akka told TechCrunch.
In its new report, Kaspersky said it found a hacking group using the Dante spyware it refers to as “forumtrolls,” which it describes as targeting invitees to Russian politics and economics forums. Primakov Readings. Hackers have targeted a wide range of industries, including media outlets, universities and government agencies in Russia, Kaspersky said.
The Russian cyber security firm said it discovered Dante after it detected a “wave” of cyber attacks with phishing links. A zero day In the Chrome browser. Lazy says that Chrome Zero-Day was not developed by Memento.
In its report, Kaspersky researchers concluded that Memento was originally created by the hacking team to “develop” the spyware until 2022, when the spyware was “replaced by Dante.”
Lazy acknowledged that it’s possible that some of the “skills” or “behavior” of Memento’s Windows spyware were left over from spyware created by the hacking team.
A telltale sign that the spyware caught by Kaspersky belongs to Memento is that the developers put the word “DANTEMARKER” in the spyware’s code, an apparent reference to the Dante name, which Memento previously and publicly disclosed at the Kaspersky Surveillance Technology Conference.
Much like Memento’s Dante spyware, some versions of Hacking Team’s spyware, codenamed Remote Control System, were named after historical Italian figures such as Leonardo da Vinci and Galileo Galilei.
A history of hacking
In 2019, Lazy bought Hacking Team and rebranded it to Memento Labs. According to Lezzi, he paid only one euro for the company and the plan was to start over.
“We want to change absolutely everything,” Memento’s owner to say Motherboard after acquisition in 2019. “We’re starting from scratch.”
A year later, David Vincenzetti, CEO and founder of Hacking Team Announced by Hacking Team was “dead”.
When he acquired Hacking Team, Lazy told TechCrunch the company had only three government customers left, down from the more than 40 government customers Hacking Team had in 2015. That same year, a hacktivist named Phineas Fisher Gets into the startup’s server and shuts down About 400 GB of internal emails, contracts, documents, and the source code of its spyware.
Before hacking, hacking team customers Ethiopia, moroccoAnd United Arab Emirates The company has been caught using spyware to target journalists, critics and dissidents. Once Phineas Fisher published internal company information online, Reported by journalists That a Mexican regional government used Hacking Team’s spyware to target local politicians, and that Hacking Team sold it to countries that committed human rights abuses, including Bangladesh, Saudi Arabia and Sudan.
Lezzi declined to tell TechCrunch how many customers Memento currently has, but hinted that it has less than 100 customers. He also said that only two current Memento employees remain from the hacking team’s former employees.
According to John Scott-Relton, a senior researcher at the University of Toronto’s Citizen Lab who has investigated spyware misuse for a decade, the Memento spyware discovery shows that such surveillance technologies are expanding. It also shows
Also a controversial company can die due to a spectacular hack and several scandals, and yet a new company with a new spyware can rise from its ashes,
“It tells us that we have to maintain our fear of consequences,” Scott-Railton told TechCrunch. “It says a lot that the most radioactive, embarrassed and hacked brand still resonates.”
