Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies because civil society has few resources to spend on expensive security solutions from big-name vendors.
In this talk, we will describe a few malware families that are actively being developed and used for the purpose of monitoring human rights activists and NGO workers. More importantly, we will cover in detail how the individual threats were found, how they are strongly interconnected, and how they can likely be attributed to a single actor. We will also describe how we do this research as a small group and how civil society groups can protect themselves from threats with minimal resources.