Ethiopia: Regime targets dissidents, media abroad using commercial spyware

by Engidu Woldie

ESAT News (December 6, 2017)

A new report revealed that the Ethiopian regime continues to spy on dissidents and media outlets abroad using a commercial spyware.

According to a report by the Citizen Lab, targets include a US-based Ethiopian diaspora media outlet, the Oromia Media Network (OMN), a PhD student, and a lawyer. Citizen lab says one of its staff members were also targeted.

Dissidents in US, UK, Africa, Australia, Middle East and Japan among others were also targeted with emails containing sophisticated commercial spyware posing as Adobe Flash updates and PDF plugins, according to Citizen Lab. Eritrean government offices and companies were also targeted.

“We saw the spyware’s operators connecting from Ethiopia, and infected computers connecting from IP addresses in 20 countries, including IP addresses we traced to Eritrean companies and government agencies,” the Citizen Lab’s report said.

The report says the Ethiopian regime uses a commercial spyware product offered by Cyberbit — an Israel-based cybersecurity company to conduct a campaign of targeted malware attacks carried out by Ethiopian regime from 2016 until the present.

“In the attacks we document, targets receive via email a link to a malicious website impersonating an online video portal. When a target clicks on the link, they are invited to download and install an Adobe Flash update (containing spyware) before viewing the video. In some cases, targets are instead prompted to install a fictitious app called “Adobe PdfWriter” in order to view a PDF file. Our analysis traces the spyware to a heretofore unobserved player in the commercial spyware space: Israel’s Cyberbit, a wholly-owned subsidiary of Elbit Systems. The spyware appears to be a product called PC Surveillance System (PSS), recently renamed PC 360.”

In 2015 the Ethiopian regime, through its spy agency, the Information Network Security Agency (INSA), had targeted journalists working at the Ethiopian Satellite Television and Radio (ESAT). The regime had also previously targeted dissidents using FinFisher’s FinSpy spyware.