Surveillance Actor in Libya; Senegal Turns to VPNs

and other infosec stories from across Africa

Surveillance actor in Libya

Last week, Checkpoint reported on a previously undocumented surveillance campaign in Libya called "Stealth Soldier." The campaign utilizes phishing attacks from domains that appear to belong to the Libyan government. Victims are deceived into downloading malicious code, which collects and sends data from their infected devices to the campaign's operators.

Stealth Soldier enables surveillance capabilities such as gathering browser credentials, logging keystrokes, recording microphone audio, taking screenshots, uploading files, and running other commands. Checkpoint is monitoring three versions (version 6, 8, and 9) of Stealth Soldier, which shares similarities with the "Eye on The Nile" campaign used for spying on journalists and activists in Egypt in 2019.

Both Egypt and Sudan have a history of using surveillance due to their authoritarian regimes. Executives of Nexa Technologies, a former surveillance provider firm that has now shifted to cyber defense, were indicted in 2021 for their involvement in authoritarian surveillance in both countries.

Senegal turns to VPNs

In response to heavy internet restrictions imposed by the Senegal government earlier this month, the use of virtual private networks (VPNs) in the country has surged by as much as 60,399%, according to VPN usage tracking websites.

The ongoing restrictions, implemented since June 2, continue to severely impact businesses and communication efforts. While VPNs enable users to access blocked platforms like Facebook, Twitter, and WhatsApp, they cannot bypass the frequent mobile internet blackouts.

Big Picture Stuff

• China's influence on Africa's internet is exemplified by a Chinese investor's potential ability to destabilize Afrinic, the continent's internet address provider. This case is seen as part of a broader pattern of China's "colonization" of Africa's internet.

• An in-depth analysis focuses on the presence and activities of disinformation warlords in Cameroon.

• South Africa is investing in a digital identity platform, Secure Citizen, to combat rising identity fraud. The platform verifies identities both online and offline, and is blueprint to fighting identity fraud.

• The case for why Kenya (and lierally any country) needs to store its data locally.

• What is the role of commercial companies in African cybersecurity?

Headlines

• Showmax passwords for over 27,000 accounts leaked online. — MyBroadband

• Nigeria's fintech stakeholders call for a more secure ecosystem. — Voice of Nigeria

• Nigeria issues 25 new Telco licenses. — Guardian Nigeria

• Kenya is getting a new digital identifier. — TechInAfrica

• Benin's Cybercrime Repression Office apprehends Bohicon's biggest cybercriminal. — Le Manital

• A meetup in Paris organized by the Club of Experts in Cybersecurity Information in Africa (CESIA). — Africa Cybersecurity Magazine.

Quote of the Week

“Important: The activity observed in Operation Triangulation does not overlap with already known iOS campaigns, such as Pegasus, Predator or Reign.”

- Eugene Kapersky, on the discovery of Triangulation, an iOS targeted malware campaign.

Across the World

• Crypto wants to be the world's next finance, but it needs to fix its security problems first. - Inkstick Media

• A new malware campaign targeting iOS devices. - Kaspersky

Post Note

I’ve been on the road/makeshift vacation, so I almost did not write this issue. Wrote it, but as you might have noticed, i rushed through it a little.

Remember to share and see you next week!