The eye on the Nile: Egypt's civil society under attack

Wednesday 30 September 14:00 - 14:30, Green room

Aseel Kayal (Check Point Software Technologies)

Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned. Practising their freedom of expression becomes especially dangerous under a regime that is constantly wary of attempts to spark a second revolution. Therefore, it would not be surprising to see surveillance-motivated attacks trying to go after those targets.

This talk will discuss how an OPSEC mistake made by a state actor gave us a rare insight into their long-term malicious activity, and the methods they were using to keep a close eye on possible internal threats within Egypt. Among our findings were attempts to gain access to victims' inboxes and monitor their correspondences, mobile applications hosted on Google's Play Store and used to track victims' communications or location, and more.

We will start by reviewing our investigation into the attackers' infrastructure, and will then go over the different attack vectors and previously undisclosed malicious artifacts used in this operation. Lastly, we will share how we were able to find and reveal the identities of this campaign's high-profile targets, and the location of the headquarters from which we suspect the attackers are operating.



Aseel Kayal

Aseel is a malware analyst at Check Point Research. She joined Check Point as a security analyst in 2016. She received her Bachelor’s degree in computer science and English literature, and speaks Arabic, Hebrew and English.

Aseel’s research mainly focuses on threat groups and cyberattacks in the Middle East. Some of her work was presented at security conferences such as Virus Bulletin, Chaos Communication Congress, Botconf, and TheSASCon.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.