Spyware campaign targeted Ethiopian dissidents in US, other countries

Ethiopian dissidents living in the United States and other countries were repeatedly targeted by a militarized spyware campaign, the University of Toronto's Citizen Lab reported Wednesday.

Those activists appear to have been hit by PC 360, spyware designed by the Israeli firm Cyberbit that is sold only to governments.

The government of Ethiopia is believed to have targeted Ethiopian journalists working in foreign countries in the past with a different brand of commercially available spyware. 

Targets of the PC 360 attacks included activists and other supporters of the Oromos, a regionalized ethnic group clashing with Ethiopia's Somali population. One was the director of the Oromia Media Network (OMN) website, Jawar Mohammed, who lived in Minneapolis. Another was Henok Gabisa, a visiting academic at Washington and Lee University in Virginia, who founded the Association of Oromo Public Defenders. 

Other targets included Etana Habte, a University of London PhD student, and Bill Marczak, a researcher at Citizen Lab who was targeted after he began corresponding with a different target of the attacks whose email had already been compromised. 

The spyware was transmitted through malicious links to documents and videos. Users looking to read or watch were instructed to download fake updates for Adobe products that contained PC 360. 

Citizen Lab, which investigates cyberattacks against human rights workers, activists and journalists, traced the attacks through the internet infrastructure used to monitor victims. Log files on servers used to coordinate the attacks helped it identify new victims and discover that some victims had been infected more than once. 

All told, Citizen Lab tracked four PC 360 infections to systems in the U.S., six each in Germany and Canada and seven in the nation of Eritrea. 

Mohammed, the OMN website director, received at least a dozen emails trying to lure him into downloading the spyware.