What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile.
Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned. Practicing their freedom of expression becomes especially dangerous under a regime that is constantly wary of attempts to spark a second revolution. Therefore, it would not be surprising to see surveillance-motivated attacks trying to go after those targets.
This talk will discuss how an opsec mistake made by a state actor gave us a rare insight into their long-term malicious activity, and the methods they were using to keep a close eye on possible internal threats within Egypt. Among our findings were attempts to gain access to victims' inboxes and monitor their correspondences, mobile applications hosted on Google's Play Store and used to track victims' communications or location, and more.
We will start by reviewing our investigation into the attackers' infrastructure, and will then go over the different attack vectors and previously undisclosed malicious artifacts used in this operation. Lastly, we will share how we were able to find and reveal the identities of this campaign's high-profile targets, and the location of the headquarters which we suspect the attackers are operating from.