Kaspersky has uncovered a sophisticated spyware operation titled Dante, said to be targeting Windows users in Russia and Belarus. It was also found out that the Italian surveillance technology firm Memento Labs created Dante in 2019 after it bought the notorious spyware vendor Hacking Team.
Kaspersky's analysis reveals that this sophisticated spyware compromised several sectors, such as media, educational institutions, and government organizations. The ForumTroll group used the bait of false invitations for a well-known Russian political and economic conference, Primakov Readings.
Memento Labs Affirms Spyware's Origin But Faults Clients
In an interview with TechCrunch, Memento Labs CEO Paolo Lezzi confirmed that Dante was owned by his company but faulted one of their government clients for the leak. He said that the spyware detected by Kaspersky was an old version that Memento had advised clients to abandon.
"Clearly, they used an agent that was already dead. I thought [the government customer] didn't even use it anymore."
Trail of Digital Espionage and a Notorious Legacy
Memento Labs' checkered past can be traced to Hacking Team, a spyware company notorious for trading in espionage tools to governments with alleged human rights records.
In 2015, the firm experienced a catastrophic data leak by hacktivist Phineas Fisher, which unveiled internal emails, contracts, and source code showing that its clients included Ethiopia, Morocco, and Saudi Arabia.
Following the hack, Hacking Team fell apart under international pressure. Lezzi purchased the business for a token euro, renaming it Memento Labs with a vow to restore its image. But recent developments indicate that remnants of the original spyware, such as Dante, continue to exist, years after restructuring.
Kaspersky's Findings Uncover Old Ghosts in New Code
Kaspersky researchers also found that the spyware had the code marker "DANTEMARKER," directly connecting it with Memento Labs. In their report, they concluded that Memento developed and refined the Hacking Team's inherited spyware until 2022, when Dante officially took over.
Kaspersky did not name the government behind the campaign but indicated that the attackers showed proficiency in fluent Russian and profound regional understanding, which indicates a local connection.
The Cycle of Surveillance Technology Continues
Experts say that the discovery of Dante confirms the relentless development of commercial spyware. Citizen Lab's John Scott-Railton said that even after previous scandals, there are still companies like Memento Labs thriving in new incarnations and with new tools.
Originally published on Tech Times
