A leading Israeli cybersecurity company found that a series of cyberattacks against Egyptian journalists, academics, opposition politicians and rights activists was likely perpetrated by the Egyptian government.
The perpetrators, who were traced to government offices, installed programs on victims’ phones that allowed them to read their emails, track their movements and keep tabs on their contacts.
Check Point Software Technologies uncovered the link and would reveal the findings in a Thursday report, the New York Times reported.
The main server for the attackers had been registered by the Egyptian Ministry of Communications and Information Technology.
GPS coordinates in one of the applications used by the perpetrators matched Egypt’s General Intelligence Service, its central spy agency, the report said.
The effort started in 2016 and targeted at least 33 leading opposition figures. It used several methods to gain access to people’s devices. An app called Secure Mail tricked the targets into divulging their Gmail passwords; an app called iLoud200% was billed as increasing the volume of phones, but actually revealed the target’s location, even when location services were turned off; IndexY purported to identify incoming calls, but actually saved details of all calls made for the attackers.
IndexY was offered by the Google Play Store until July 15, when Check Point notified Google about it. Google took down the app and banned the developer who placed it there. Its successful placement in the store spoke to its sophistication, Check Point said.
Despite the apps’ complexity, the creators made several mistakes, the New York Times reported, including leaving an IP address and geolocation coordinates embedded in the software, which Check Point said revealed likely ties to the Egyptian government.
The incriminating information could have been part of a false flag operation, but was probably left in the software accidentally. The campaign’s scale, duration, and targets also seemed to point to a government actor, the report said.
At least two of the targets were arrested following anti-government protests last month.
Check Point’s investigation was sparked by a report by the Amnesty International rights group saying that Egyptian rights activists had been targeted in a phishing campaign.
Of the 33 targets, at least some were Egyptians living in the US, Canada and the UK.