[Source](https://rus.azattyq.org/a/31916498.html)
The civil activist Inga Imanbai, the wife of Zhanbolat Mamai, the leader of the unregistered democratic party, announced the discovery on her phone of the Hermit spy program, which, according to Lookout Threat Lab researchers, was used by the Kazakhstan authorities.
“The authorities follow me through an expensive Italian spy program. The Lookout anti-spyware program found the Hermit virus on my phone. In the end, you are probably convinced that we are not criminals, aren’t you? Not only are five cars watching us, you also follow the phone 24 hours a day. Well, admit already that we are not criminals, let Zhanbolat go!” Inga Imanbai wrote on her Facebook page.
On June 16, Lookout Threat Lab said that it had discovered corporate-level spyware used by the Government of Kazakhstan within the country. According to the organization, the latest versions of this program were discovered in April 2022, three months after the January events.
“Our analysis shows that Hermit was not only directed at Kazakhstan, but also that this campaign is probably the work of a representative of the national government. As far as we know, this is the first case of identifying a current client of RCS Lab's mobile malware,” the Lookout Threat Lab report says.
Researchers also said that when this malicious software was detected in April of this year, the spy program was called Oppo.Service and impersonated the Chinese electronics manufacturer Oppo. The website that the malicious software used to mask its harmful activity is an official Oppo support page in Kazakh, which has since gone offline.
“The versions used in Kazakhstan are connected to the C2 address 45.148.30[.]122:58442. However, further analysis of the spy software's C2 server showed that this IP address is used as a proxy for the C2 server at the address 85.159.27[.]61:8442. The real C2 IP address is under the jurisdiction of STS Telecom, a small Internet service provider (ISP) operating in Nur-Sultan, the capital of Kazakhstan. Judging by scattered online records, STS specializes in ‘other wired telecommunications’ and cable television services,” the cybersecurity researchers' report says.
The Kazakhstan authorities have not yet officially commented on the Lookout Threat Lab study or on Inga Imanbai’s statements. On June 27, the government's press service informed Azattyk that they would clarify, “which is the issue of the issue of the issue.”
Lookout Threat Lab researchers believe that the Hermit spyware was developed by the Italian spyware supplier RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company that is suspected of being a front company.
Hermit is modular surveillance software that hides its malicious capabilities in packages downloaded after it is deployed. Hermit can record audio, make and redirect phone calls, and collect data such as call logs, contacts, photographs, the location of the device and SMS messages.
This spy software, presumably, spreads through SMS messages.
“Hermit deceives users by opening the legitimate web pages of the brands it impersonates while launching malicious actions in the background,” the researchers concluded.
It is reported that Hermit was created for Android devices, but the researchers mentioned the likelihood of a similar version for iOS.
In addition to Kazakhstan, RCS Lab's spy program, according to Lookout Threat Lab, was used in Syria, Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
The Lookout Threat Lab noted that the Hermit program is functionally similar to the Israeli Pegasus spy program.
In July last year, the media reported that officials, journalists, activists and businessmen of Kazakhstan were on the list of targets of cyber-surveillance using the Pegasus spy software, which was developed by an Israeli company. In total, investigators say, the “Kazakhstan sector” of the list of telephones contains about two thousand numbers. Journalists, human rights defenders and activists called the surveillance a violation of human rights. The Pegasus Project said that Kazakhstan was most likely itself the customer of the surveillance, while in other countries politicians were probably monitored by the special services of rival countries.
Dauren Abaev, who at that time held the position of first deputy head of the administration of the President of Kazakhstan, said in response to the publication of the leaked information about the use of Pegasus: “We were given quite intriguing information without any evidence and are simply being asked to believe it.”