Amnesty International has published a report describing phishing attacks targeting Egyptian human rights defenders, media professionals and civil society organizations, which were carried out by an attacking group known as "NilePhish", in which they used the German program FinSpy.

The Munich-based company FinFisher developed a group of spyware called “Fun Spy” in 2011, and since then researchers have documented numerous cases of targeting human rights defenders, including activists, journalists and dissidents, using this program in many From countries, including Bahrain, Ethiopia, and the United Arab Emirates, among others.

The Amnesty International report came while researching the activity of the "Nail Fish" group, where researchers discovered that they had installed samples of "Fun Spy" programs on the Microsoft Windows operating system through a fake website to download the "Adobe Flash" player. Player).

Through additional technical investigations, Amnesty International's Security Lab discovered new samples of "FunSpy" for Windows and Android systems and previously undisclosed versions of computers running on Linux and MacOS.

This report provides technical information on these recent "FunSpy" samples in order to assist the cybersecurity research community in further investigations, enable cybersecurity vendors to implement protection mechanisms against these newly discovered variables, and increase awareness among human rights defenders about digital attack techniques. Cutting edge.

"FunSpy" programs can silently intercept communications, access private data, and record audio and video from a computer or portable device installed on it.

Fun Fischer sells the program to law enforcement agencies and government agencies around the world, according to media reports, and when Egyptian protesters stormed in 2011 the offices of the State Security Investigations Service (now National Security), an intelligence agency notorious for committing serious human rights violations during the ruling The late President Hosni Mubarak who lasted for decades;

Discover contracts to sell "Fun Spy" to the Egyptian authorities.

Amnesty International discovered samples of spyware likely to be sponsored by states (Reuters)

In September 2019, Amnesty International discovered samples of "Fun Fisher" spyware, which was distributed by the malicious infrastructure associated with the group of attackers known as "Neal Fish", which is likely to be sponsored by the state.

Several research reports - including Amnesty International reports - provided details of the "Nile Fish" campaigns to target Egyptian civil society organizations.

Through this report, Amnesty International's Security Lab shares new insights into the capabilities of the Nail Fish attackers group, as well as providing a detailed analysis of newly discovered variants from FunSpy in order to enable cybersecurity researchers to conduct further investigations and develop protection mechanisms. .

The Security Lab of Amnesty International warned Egyptian civil society organizations against a large-scale campaign of phishing attacks targeting human rights defenders, carried out by the so-called "Nile Fish" attackers group.