Cyber Ethiopia

FinSpy Software Used To Surveil Ethiopian Activists

Researchers found a version of FinSpy in Ethiopia that tricked users into downloading the spyware with photos of an Ethiopian political group, suggesting the government used the surveillance for political purposes, the report said.

A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian opposition group, as bait to infect users. This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting.

We analyzed a recently acquired malware sample and identified it as FinSpy. The malware uses images of members of the Ethiopian opposition group,  Ginbot 7, as bait. The malware communicates with a FinSpy Command & Control server in Ethiopia, which was first identified by Rapid7 in August 2012. The server has been detected in every round of scanning, and remains operational at the time of this writing. It can be found in the following address block run by Ethio Telecom, Ethiopia’s state-owned telecommunications provider.

The malware communicates with a FinSpy Command & Control server in Ethiopia, which was first identified by Rapid7 in August 2012. The server has been detected in every round of scanning, and remains operational at the time of this writing. It can be found in the following address block run by Ethio Telecom, Ethiopia’s state-owned telecommunications provider.

IP: 213.55.99.74
route: 213.55.99.0/24
descr: Ethio Telecom
origin: AS24757
mnt-by: ETC-MNT
member-of: rs-ethiotelecom
source: RIPE # Filtered

Read the Full Report

Also read more at the Huffingfton Post

Short URL: http://cyberethiopia.com/2013/?p=106

Posted by on Mar 14 2013. Filed under News, Views and Opinions. You can follow any responses to this entry through the RSS 2.0. Both comments and pings are currently closed.

Comments are closed


Warka
Warka ዋርካ
the Pioneering Ethiopian Discussion
Forum in Amharic



The then-TPLF-dominated regime in Ethiopia was the first in sub-Saharan Africa to actively engage in political censorship of the Internet .

Since May 2006, the most popular Ethiopian web sites (including CyberEthiopia) and several blogs have been blocked across the nation. The apparent objective was to prevent the dissemination of information that is critical of the regime.

Following the political protests which have swept the nation since November 2015, the regime has routinely shutdown the Internet and restricted access to Social Media (including Facebook, Twitter, WhatsApp, Viber) and indicated its keenness to control Social Media.

On 22nd June 2018, the new Prime Minister Dr Abye Ahmed's government reported that it had unblocked 264 websites including CyberEthiopia.com after 12 years of blockage as attested by the OONI’s thorough verifications of our website’s unblocking .




Like CyberEthiopia on Facebook