NICOLAS ASFOURI/AFP/AFP via Getty Images
Hackers close to Vietnam attempted to use social media platforms X and Facebook to install spyware on the phones of dozens of high-profile targets, including US lawmakers, United Nations officials and CNN journalists . Amnesty International said Monday.
The powerful hacking tool – designed to siphon call and text data from phones – targeted social media accounts affiliated with Democratic senators Gary Peters and Chris Murphy, as well as the Republican congressman and House Foreign Affairs chairman representatives Michael McCaul, according to Amnesty investigators.
Several CNN journalists who cover East Asian affairs were also targeted. A CNN spokesperson declined to comment.
The researchers said they were not aware of any successful infections using this spyware. But the attempt to compromise powerful lawmakers simply by sending them tweets will raise new concerns on Capitol Hill about the proliferation of commercial spyware.
An obscure account on X, the former platform known as Twitter, posted spyware-laced links to hacker targets between February and June, according to Amnesty. The targets contained potentially useful information about U.S. policy toward Vietnam.
Spyware operators usually operate in the shadows, but in this case the hackers had no qualms about trying to use a public platform to lure their targets.
“It was quite a brazen and somewhat reckless way of trying to target people with quite sophisticated spyware,” Donncha Ó Cearbhaill, director of Amnesty International’s security lab, told CNN.
The European Investigative Collaborations (EIC), a network of more than a dozen media outlets, and the Washington Post first reported on Amnesty’s findings.
Ó Cearbhaill told CNN that he and his investigators were “very confident” in the hackers’ ties to Vietnam, citing contract records reviewed by the EIC between the Vietnamese government and a company affiliated with the spyware.
Researchers at Google’s Threat Analysis Group, which tracks state-backed hackers, told CNN that the Twitter account spreading the spyware appears to be based in Vietnam.
McCaul does not manage his social media accounts and therefore was not exposed to the link, said Leslie Shedd, a spokeswoman for McCaul. Office staff also were not affected, Shedd said.
A Murphy aide told CNN: “To our knowledge, no one in our office clicked on the link. »
The Vietnamese embassy in Washington, D.C., did not immediately respond to a request for comment. A spokesperson for Peters did not immediately respond to a request for comment.
For years, cybersecurity researchers and human rights activists have documented the proliferation of spyware designed to break into mobile phones and steal their content. But the issue gained traction in Washington this year after the revelation that a dozen State Department employees stationed in Africa were hacked with spyware developed by the Israeli company NSO Group.
President Joe Biden responded in March with an executive order banning U.S. government agencies from using spyware considered a threat to U.S. national security or implicated in human rights abuses.
In this case, Amnesty said the developer of the spyware was Cytrox, a company based in North Macedonia that is owned by Intellexa, a group of companies based in Europe.
The U.S. Commerce Department added Cytrox and Intellexa to its “entity list” in July, preventing U.S. companies from doing business with them without special permission.
CNN was unable to reach Intellexa or Cytrox for comment.
“Clearly these tools are being exported from the EU to states with terrible human rights records,” Ó Cearbhaill of Amnesty International told CNN. “They then turn not only on journalists and human rights defenders, but also on politicians and institutions that should meaningfully regulate these exports. »
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab who also studied Intellexa spyware, said the results validate the Commerce Department’s regulation of the company.
“In the meantime, if European lawmakers don’t want to bring consequences for reckless sellers, they need to feel comfortable with being targeted,” Scott-Railton told CNN.