The CEO of spyware maker Memento Labs confirms that one of its government clients has been caught using its malware


On Monday, researchers at cybersecurity giant Kaspersky published a report identifying a new spyware called Dante that they say targets Windows victims in Russia and neighboring Belarus. The researchers said that the Dante spyware was made by Memento Labs, a Milan-based surveillance technology manufacturer that was founded in 2019 after a new owner took over early spyware maker Hacking Team.

Memento CEO Paolo Lezzi confirmed to TechCrunch that the spyware discovered by Kaspersky does belong to Memento.

In a call, Lezzi blamed one of the company’s government clients for the Dante exposure, saying the client used an outdated version of the Windows spyware that will no longer be supported by Memento by the end of this year.

“They obviously used an already dead proxy,” Lezzi told TechCrunch, using “proxy” as the technical word for the spyware implanted on the target’s computer.

“I thought (the government agent) didn’t use it anymore,” Lezzi said.

Lezzi, who said he was not sure which of the company’s customers was caught, added that Memento has already asked all of its customers to stop using the Windows malware. Lezzi said the company has warned customers that Kaspersky has detected Dante spyware infections since December 2024. He added that Memento plans to send a letter to all of its customers on Wednesday again asking them to stop using the Windows spyware.

He also said that Memento is currently developing spyware for mobile platforms only. The company is also developing some zero-days (security flaws in software that are unknown to the vendor and that could be used to deliver spyware), though the company mostly gets its exploits from third-party developers, according to Lezzi.

When contacted by TechCrunch, Kaspersky spokeswoman Mai Al Akka would not say which government Kaspersky believes was behind the espionage campaign, saying only that it was “someone capable of using Dante software.”

“The group is distinguished by its strong command of the Russian language and knowledge of local nuances, traits that Kaspersky has observed in other campaigns linked to this (government-backed) threat,” Al Akka told TechCrunch. “However, occasional errors suggest that the attackers were not native speakers.”

Kaspersky said in its new report that it had found a hacking group using the Dante spyware, which it refers to as “ForumTroll,” and described the group targeting people with invitations to attend the Russian politics and economics forum Primakov Readings. Kaspersky said the hackers targeted a wide range of industries in Russia, including media, universities and government organizations.

Kaspersky’s discovery of Dante came after the Russian cybersecurity company said it had discovered a “wave” of cyberattacks with phishing links that were exploiting a zero-day in the Chrome browser. Lezzi said that the Chrome zero-day was not developed by Memento.

Kaspersky researchers concluded in their report that Memento “continued to improve” the spyware originally developed by Hacking Team until 2022, when the spyware was “replaced by Dante.”

Lezzi admitted that it is possible that some “aspects” or “behaviors” of Memento’s Windows spyware were left over from spyware developed by Hacking Team.

A clear sign that the spyware discovered by Kaspersky belongs to Memento is that the developers left the word “DANTEMARKER” in the spyware code, an apparent reference to the name Dante, which Memento previously and publicly revealed at a surveillance technology conference, per Kaspersky.

Just like Memento’s Dante spyware, some versions of Hacking Team’s spyware, codenamed Remote Control System, are named after historical Italian figures, such as Leonardo da Vinci and Galileo Galilei.

A history of breakthroughs

In 2019, Lezzi purchased Hacking Team and rebranded it as Memento Labs. According to Lezzi, he only paid one euro for the company and the plan was to start over.

“We want to change absolutely everything,” the Memento owner told Motherboard after the acquisition in 2019. “We are starting from scratch.”

A year later, Hacking Team CEO and founder David Vincenzetti announced that Hacking Team was “dead.”

When he acquired Hacking Team, Lezzi told TechCrunch that the company only had three government clients remaining, a far cry from the more than 40 government clients Hacking Team had in 2015. That same year, a hacktivist named Phineas Fisher broke into the startup’s servers and took about 400 gigabytes of internal emails, contracts, documents and the source code for its spyware.

Before the hack, Hacking Team clients in Ethiopia, Morocco and the United Arab Emirates were caught targeting journalists, critics and dissidents using the company’s spyware. Once Phineas Fisher posted the company’s internal data online, journalists revealed that a Mexican regional government used Hacking Team’s spyware to target local politicians, and that Hacking Team sold it to countries that abuse human rights, including Bangladesh, Saudi Arabia, and Sudan, among others.

Lezzi declined to tell TechCrunch how many customers Memento currently has, but implied it was fewer than 100. He also said that there are only two current Memento employees left who are former Hacking Team employees.

The discovery of Memento’s spyware shows that this type of surveillance technology continues to spread, according to John Scott-Railton, a senior researcher who has investigated spyware breaches for a decade at the University of Toronto’s Citizen Lab. It also appears that a controversial company can die due to a spectacular hack and several scandals, yet a new company with brand new spyware can still emerge from its ashes.

“It tells us that we need to continue to fear the consequences,” Scott-Railton told TechCrunch. “It says a lot that the echoes of the most radiant, embarrassing and penetrating brands are still there.”
