Nine human rights activists, including those fighting the legal battle for the release of the Bhima Koregaon 11, were targeted by spyware called NetWire between January and October 2019, says a joint report by Amnesty International and Citizen Lab.
The activists received carefully crafted and personalized emails impersonating colleagues or loved ones. The emails carried malicious PDF files; clicking on them activated Windows spyware on the target's system, allowing hackers to remotely monitor the targets' actions and communications.
Three of the activists targeted by NetWire were also spied upon by NSO Group’s Pegasus spyware in 2019. Unlike Pegasus, which targeted smartphones by exploiting a vulnerability in WhatsApp that Facebook later fixed, NetWire was used in this case to target Windows PCs.
NetWire is a multi-platform RAT (remote access trojan) and has been used for corporate espionage since it surfaced in 2012. Various research efforts into the spyware have found that once it infiltrates a device, it can steal credentials, record audio and log keystrokes, in addition to serving as a backdoor to the device.
It has been used by Nigerian scammers as well as Iranian cyber espionage groups. Between 2016 and 2017, it was used by Iranian cyber group APT33 as a backdoor to spy on US and Saudi Arabian organisations.
NetWire is commercially available and can be purchased on marketplaces on the dark web (a part of the Internet that is not indexed by search engines).
According to Amnesty International, the activists targeted by NetWire included lawyers and activists Nihalsing B Rathod, Degree Prasad Chouhan, Yug Mohit Choudhary, and Ragini Ahuja. Academics Partho Sarothi Ray and PK Vijayan and Jagdalpur Legal Aid Group member Isha Khandelwal were also targeted.