
Article

23 September 2023

Author:
Evan Hill and Joseph Menn, The Washington Post

Egyptian opposition leader targeted in spyware attack, allegedly with potential facilitation by multiple companies

"Egyptian presidential hopeful targeted by Predator spyware" 23 September 2023

A prominent Egyptian opposition politician who plans to challenge President Abdel Fatah El-Sisi in elections expected early next year was targeted with a previously unknown “zero-day” attack in an effort to infect his phone with Predator spyware, according to new research by Google and the University of Toronto’s Citizen Lab...

...Citizen Lab said it had “high confidence” that the Egyptian government was responsible for the failed hacking attempt. The effort targeted journalist and former member of parliament Ahmed Eltantawy and was first reported by Mada Masr, an independent Egyptian news organization...Zero-day exploits are particularly dangerous and valuable because they take advantage of as-yet-undiscovered security gaps. In this case, Eltantawy would not have had to click on anything to be infected...

...In July, the Biden administration blacklisted Cytrox, which makes Predator, and Intellexa, the business alliance to which Cytrox belongs, by adding them to the Commerce Department’s “entity list,” which places harsh licensing and trade restrictions on them. The administration said they trafficked “in cyber exploits used to gain access to information systems, thereby threatening the privacy and security of individuals and organizations worldwide.”...

...Citizen Lab said it had “high confidence” that the attacker used Sandvine’s PacketLogic program to redirect Eltantawy’s browser and that it was the first time they had seen a zero-day exploit delivered in this fashion...Sandvine did not respond to requests for comment...

The attack on Eltantawy would have required PacketLogic to be installed on the network belonging to Eltantawy’s communications provider, Vodafone Egypt. While Citizen Lab did not allege that Vodafone was complicit in the attack, Marczak said that the “easiest” way to install PacketLogic on the Vodafone network would be with Vodafone’s cooperation...Vodafone Egypt did not respond to requests for comment...