SYMBOLCOMMON_NAMEaka. SYNONYMS

Hacking Team  (Back to overview)


The many 0-days that had been collected by Hacking Team and which became publicly available during the breach of their organization in 2015, have been used by several APT groups since. Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world. The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments – an allegation it has consistently denied. When the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data – including the once-secret list of customers, internal communications, and spyware source code – leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future. Following the hack, the security community has been keeping a close eye on the company’s efforts to get back on its feet. The first reports suggesting Hacking Team’s resumed operations came six months later – a new sample of Hacking Team’s Mac spyware was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team’s shareholder structure, with Tablem Limited taking 20% of Hacking Team’s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.


Associated Families
win.rcs

References
2020-07-21ViceLorenzo Franceschi-Bicchierai
@online{franceschibicchierai:20200721:worlds:666e813, author = {Lorenzo Franceschi-Bicchierai}, title = {{'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools}}, date = {2020-07-21}, organization = {Vice}, url = {https://www.vice.com/en_us/article/jgxvdx/jan-marsalek-wirecard-bizarre-attempt-to-buy-hacking-team-spyware}, language = {English}, urldate = {2020-07-30} } 'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
RCS
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2019-11-20360admin001
@online{admin001:20191120:shadow:49b26ff, author = {admin001}, title = {{Shadow of the Circle Hovering Over Central Asia - The Golden Eagle (APT-C-34) Organizing Attack Revealed}}, date = {2019-11-20}, organization = {360}, url = {http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html}, language = {English}, urldate = {2020-01-10} } Shadow of the Circle Hovering Over Central Asia - The Golden Eagle (APT-C-34) Organizing Attack Revealed
RCS APT-C-34
2019-01Virus BulletinFilip Kafka
@online{kafka:201901:vb2018:7d81852, author = {Filip Kafka}, title = {{VB2018 paper: From Hacking Team to hacked team to...?}}, date = {2019-01}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-hacking-team-hacked-team/}, language = {English}, urldate = {2020-01-13} } VB2018 paper: From Hacking Team to hacked team to...?
RCS
2018-03-09ESET ResearchFilip Kafka
@online{kafka:20180309:new:9d79d4b, author = {Filip Kafka}, title = {{New traces of Hacking Team in the wild}}, date = {2018-03-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/}, language = {English}, urldate = {2019-11-14} } New traces of Hacking Team in the wild
RCS Hacking Team
2017-08-25Kaspersky LabsJuan Andrés Guerrero-Saade, Costin Raiu
@techreport{guerrerosaade:20170825:walking:040671b, author = {Juan Andrés Guerrero-Saade and Costin Raiu}, title = {{Walking in your Enemy's Shadow: When Fourth-Party Collection becomes Attribution Hell}}, date = {2017-08-25}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/Guerrero-Saade-Raiu-VB2017.pdf}, language = {English}, urldate = {2022-10-06} } Walking in your Enemy's Shadow: When Fourth-Party Collection becomes Attribution Hell
NetTraveler RCS WannaCryptor Dancing Salome
2017-04F-SecureF-Secure Labs
@techreport{labs:201704:callisto:5e97cb4, author = {F-Secure Labs}, title = {{CALLISTO GROUP}}, date = {2017-04}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/labs/whitepapers/Callisto_Group.pdf}, language = {English}, urldate = {2022-03-31} } CALLISTO GROUP
RCS Callisto
2015-07-05ViceLorenzo Franceschi-Bicchierai
@online{franceschibicchierai:20150705:spy:30cea5b, author = {Lorenzo Franceschi-Bicchierai}, title = {{Spy Tech Company 'Hacking Team' Gets Hacked}}, date = {2015-07-05}, organization = {Vice}, url = {https://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked}, language = {English}, urldate = {2019-10-14} } Spy Tech Company 'Hacking Team' Gets Hacked
Hacking Team
2014-04-21WikipediaVarious
@online{various:20140421:hacking:648b7ca, author = {Various}, title = {{Hacking Team}}, date = {2014-04-21}, organization = {Wikipedia}, url = {https://en.wikipedia.org/wiki/Hacking_Team}, language = {English}, urldate = {2020-01-08} } Hacking Team
Hacking Team
2012-12-07Contagiodump BlogMila Parkour
@online{parkour:20121207:aug:d59b277, author = {Mila Parkour}, title = {{Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT}}, date = {2012-12-07}, organization = {Contagiodump Blog}, url = {http://contagiodump.blogspot.com/2012/12/aug-2012-w32crisis-and-osxcrisis-jar.html}, language = {English}, urldate = {2019-12-20} } Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT
Crisis RCS
2012-08-20SymantecTakashi Katsuki
@online{katsuki:20120820:crisis:60cb26b, author = {Takashi Katsuki}, title = {{Crisis for Windows Sneaks onto Virtual Machines}}, date = {2012-08-20}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines}, language = {English}, urldate = {2020-01-10} } Crisis for Windows Sneaks onto Virtual Machines
Crisis RCS
2012-07-24The Mac Security BlogLysa Myers
@online{myers:20120724:new:2dbd887, author = {Lysa Myers}, title = {{New Apple Mac Trojan Called OSX/Crisis Discovered}}, date = {2012-07-24}, organization = {The Mac Security Blog}, url = {https://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/?}, language = {English}, urldate = {2020-01-09} } New Apple Mac Trojan Called OSX/Crisis Discovered
Crisis RCS

Credits: MISP Project