{"id":6850,"date":"2018-03-12T16:12:00","date_gmt":"2018-03-12T08:12:00","guid":{"rendered":"https:\/\/version-2.com\/?p=6850"},"modified":"2022-04-20T13:10:09","modified_gmt":"2022-04-20T05:10:09","slug":"new-traces-of-hacking-team-in-the-wild","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/","title":{"rendered":"New traces of Hacking Team in the wild"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"6850\" class=\"elementor elementor-6850\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3e03fdc3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3e03fdc3\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;889000b&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&qu
ot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6f680abe\" data-id=\"6f680abe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-17fc1c elementor-widget elementor-widget-text-editor\" data-id=\"17fc1c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg\" alt=\"\" width=\"623\" height=\"432\" \/><\/p>\n<p>Previously unreported samples of Hacking Team\u2019s infamous surveillance tool \u2013 the Remote Control System (RCS) \u2013 are in the wild, and have been detected by ESET systems in fourteen countries.<\/p>\n<p>Our analysis of the samples reveals evidence suggesting that Hacking Team\u2019s developers themselves are actively continuing the development of this spyware.<\/p>\n<p><strong>From Hacking Team to Hacked Team to\u2026?<\/strong><\/p>\n<p>Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.<\/p>\n<p>The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device\u2019s webcam and microphone. 
The company has been criticized for selling these capabilities to\u00a0<a href=\"https:\/\/citizenlab.ca\/2014\/02\/mapping-hacking-teams-untraceable-spyware\/\" target=\"_blank\" rel=\"noreferrer noopener\">authoritarian governments<\/a>\u00a0\u2013 an allegation it has consistently denied.<\/p>\n<p>When the tables turned in July 2015, with Hacking Team itself\u00a0<a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/gvye3m\/spy-tech-company-hacking-team-gets-hacked\" target=\"_blank\" rel=\"noreferrer noopener\">suffering a damaging hack<\/a>, the reported use of RCS by oppressive regimes was\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/2015\/jul\/06\/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim\" target=\"_blank\" rel=\"noreferrer noopener\">confirmed<\/a>. With 400GB of internal data \u2013 including the once-secret list of customers, internal communications, and spyware source code \u2013 leaked online, Hacking Team was forced to request its customers to\u00a0<a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/qkv9mp\/hacking-team-asks-customers-to-stop-using-its-software-after-hack\" target=\"_blank\" rel=\"noreferrer noopener\">suspend all use of RCS<\/a>, and was left facing an uncertain future.<\/p>\n<p>Following the hack, the security community has been keeping a close eye on the company\u2019s efforts to get back on its feet. The first reports suggesting Hacking Team\u2019s resumed operations came six months later \u2013<a href=\"https:\/\/reverse.put.as\/2016\/02\/29\/the-italian-morons-are-back-what-are-they-up-to-this-time\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a0a new sample of Hacking Team\u2019s Mac spyware<\/a>\u00a0was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team\u2019s shareholder structure, with Tablem Limited taking 20% of Hacking Team\u2019s shareholding. 
Tablem Limited is officially based in Cyprus; however, recent news suggests it has\u00a0<a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/8xvzyp\/hacking-team-investor-saudi-arabia\" target=\"_blank\" rel=\"noreferrer noopener\">ties to Saudi Arabia<\/a>.<\/p>\n<p>Having just concluded our research into another commercial spyware product,\u00a0<a href=\"https:\/\/www.welivesecurity.com\/2018\/01\/23\/guide-makes-possible-peek-finfisher\/\" target=\"_blank\" rel=\"noreferrer noopener\">FinFisher<\/a>, two interesting events involving Hacking Team occurred in close succession \u2013 the report about Hacking Team\u2019s apparent financial recovery and our discovery of a new RCS variant in the wild with a valid digital certificate.<\/p>\n<p><strong>The spyware lives on<\/strong><\/p>\n<p>In the early stages of this investigation, our friends from\u00a0<a href=\"https:\/\/citizenlab.ca\/\" target=\"_blank\" rel=\"noreferrer noopener\">the Citizen Lab<\/a>\u00a0\u2013 who have a long record of keeping track of Hacking Team \u2013 provided us with valuable input that led to the discovery of a version of the spyware currently being used in the wild and signed with a previously unseen valid digital certificate.<\/p>\n<p>Our further research uncovered several more samples of Hacking Team\u2019s spyware created after the 2015 hack, all being slightly modified compared to variants released before the source code leak.<\/p>\n<p>The samples were compiled between September 2015 and October 2017. 
We have deemed these compilation dates to be authentic, based on ESET telemetry data indicating the appearance of the samples in the wild within a few days of those dates.<\/p>\n<p>Further analysis led us to conclude that all the samples can be traced back to a single group, rather than being isolated instances of diverse actors building their own versions from the leaked Hacking Team source code.<\/p>\n<p>One indicator supporting this is the sequence of digital certificates used to sign the samples \u2013 we found six different certificates issued in succession. Four of the certificates were issued by Thawte to four different companies, and two are personal certificates issued to Valeriano Bedeschi (Hacking Team co-founder) and someone named Raffaele Carnacina, as shown in the following table:<\/p>\n<table>\n<thead>\n<tr>\n<th>Certificate issued to<\/th>\n<th>Validity period<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Valeriano Bedeschi<\/td>\n<td>8\/13\/2015 \u2013 8\/16\/2016<\/td>\n<\/tr>\n<tr>\n<td>Raffaele Carnacina<\/td>\n<td>9\/11\/2015 \u2013 9\/15\/2016<\/td>\n<\/tr>\n<tr>\n<td>Megabit, OOO<\/td>\n<td>6\/8\/2016 &#8211; 6\/9\/2017<\/td>\n<\/tr>\n<tr>\n<td>ADD Audit<\/td>\n<td>6\/20\/2016 &#8211; 6\/21\/2017<\/td>\n<\/tr>\n<tr>\n<td>Media Lid<\/td>\n<td>8\/29\/2016 &#8211; 8\/30\/2017<\/td>\n<\/tr>\n<tr>\n<td>Ziber Ltd<\/td>\n<td>7\/9\/2017 &#8211; 7\/10\/2018<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The samples also have forged Manifest metadata \u2013 used to masquerade as a legitimate application \u2013 in common, appearing as \u201cAdvanced SystemCare 9 (9.3.0.1121)\u201d, \u201cToolwiz Care 3.1.0.0\u201d and \u201cSlimDrivers (2.3.1.10)\u201d.<\/p>\n<p>Our analysis further shows that the author(s) of the samples have been using VMProtect, apparently in an effort to make their samples less prone to detection. 
This was also common among pre-leak Hacking Team spyware.<\/p>\n<p>The connections among these samples alone could have originated with virtually any group re-purposing the leaked Hacking Team source code or installer \u2013 as was the case with Callisto Group in early 2016. We have, however, collected further evidence that ties these post-leak samples to Hacking Team\u2019s developers themselves.<\/p>\n<p>The versioning (which we accessed after overcoming VMProtect protection) observed in the analyzed samples continues where Hacking Team left off before the breach, and follows the same patterns. Hacking Team\u2019s habit of compiling their payloads \u2013 named Scout and Soldier \u2013 consecutively, and often on the same day, can also be seen across the newer samples.<\/p>\n<p>The following table shows the compilation dates, versioning and certificate authorities of Hacking Team Windows spyware samples seen between 2014 and 2017. Reuse of leaked source code by\u00a0<a href=\"https:\/\/www.f-secure.com\/documents\/996508\/1030745\/callisto-group\" target=\"_blank\" rel=\"noreferrer noopener\">Callisto Group<\/a>\u00a0is marked in red.<\/p>\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" data-attachment-id=\"6858\" data-permalink=\"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/hacking_team_table\/\" data-orig-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team_table.png\" data-orig-size=\"544,663\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"hacking_team_table\" data-image-description=\"\" 
data-image-caption=\"\" data-large-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team_table.png\" class=\"aligncenter wp-image-6858 size-full\" src=\"\/wp-content\/uploads\/2020\/04\/hacking_team_table.png\" alt=\"\" width=\"544\" height=\"663\" srcset=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team_table.png 544w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team_table-246x300.png 246w\" sizes=\"(max-width: 544px) 100vw, 544px\" \/><\/figure>\n\n<p>Furthermore, our research has confirmed that the changes introduced in the post-leak updates were made in line with Hacking Team\u2019s own coding style and are often found in places indicating a deep familiarity with the code. It is highly improbable that some other actor \u2013 that is, other than the original Hacking Team developer(s) \u2013 would make changes in exactly these places when creating new versions from the leaked Hacking Team source code.<\/p>\n<p>One of the subtle differences we spotted between the pre-leak and the post-leak samples is the difference in Startup file size. Before the leak, the copied file was padded to occupy 4MB. 
In the post-leak samples, this file copy operation is padded to 6MB \u2013 most likely as a primitive detection evasion technique.<\/p>\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" data-attachment-id=\"6857\" data-permalink=\"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/figure1\/\" data-orig-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure1.png\" data-orig-size=\"765,1276\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Figure1\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure1-614x1024.png\" class=\"size-large wp-image-6857 aligncenter\" src=\"\/wp-content\/uploads\/2020\/04\/Figure1-614x1024.png\" alt=\"\" width=\"614\" height=\"1024\" srcset=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure1-614x1024.png 614w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure1-180x300.png 180w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure1.png 765w\" sizes=\"(max-width: 614px) 100vw, 614px\" \/><\/figure>\n\n<p>Figure 1 \u2013 Startup file size copy changed from 4 MB pre-leak to 6MB post-leak<\/p>\n<p>We found further differences that fully convinced us of Hacking Team\u2019s involvement. However, the disclosure of these details could interfere with the future tracking of the group, which is why we choose not to publish them. 
We are, however, open to share these details with fellow researchers (for any inquiries contact us at threatintel@eset.com).<\/p>\n<p>The functionality of the spyware largely overlaps with that in the leaked source code. Our analysis so far has not confirmed the release of any significant update, as\u00a0<a href=\"http:\/\/www.hackingteam.it\/news\/2015\/07\/13\/statement-from-CEO.html\" target=\"_blank\" rel=\"noreferrer noopener\">promised<\/a>\u00a0by Hacking Team following the hack.<\/p>\n<p>As for the distribution vector of the post-leak samples we analyzed, at least in two cases, we detected the spyware in an executable file disguised as a PDF document (using multiple file extensions) attached to a spearphishing email. The names of the attached files contain strings likely aimed to reduce suspicion when received by diplomats.<\/p>\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6856\" data-permalink=\"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/figure2-768x1606\/\" data-orig-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1.png\" data-orig-size=\"768,1606\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Figure2-768&amp;#215;1606\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1-490x1024.png\" class=\"size-large wp-image-6856 aligncenter\" src=\"\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1-490x1024.png\" alt=\"\" width=\"490\" 
height=\"1024\" srcset=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1-490x1024.png 490w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1-143x300.png 143w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1-735x1536.png 735w, https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/Figure2-768x1606-1.png 768w\" sizes=\"(max-width: 490px) 100vw, 490px\" \/><\/figure>\n\n<p>Figure 2 \u2013 Investigation timeline<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>Our research lets us claim with high confidence that, with one obvious exception, the post-leak samples we\u2019ve analyzed are indeed the work of Hacking Team developers, and not the result of source code reuse by unrelated actors, such as in the case of Callisto Group in 2016.<\/p>\n<p>As of this writing, our systems have detected these new Hacking Team spyware samples in fourteen countries. We choose not to name the countries to prevent potentially incorrect attributions based on these detections, since the geo-location of the detections doesn\u2019t necessarily reveal anything about the origin of the attack.<\/p>\n<p><strong>IoCs<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>ESET detection names<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Trojan.Win32\/CrisisHT.F<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/CrisisHT.H<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/CrisisHT.E<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/CrisisHT.L<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/CrisisHT.J<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/Agent.ZMW<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/Agent.ZMX<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/Agent.ZMY<\/td>\n<\/tr>\n<tr>\n<td>Trojan.Win32\/Agent.ZMZ<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Previously unreported samples of Hacking Team\u2019s infamou [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":6855,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[131,40,61,102],"tags":[163,41],"class_list":["post-6850","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-v2","category-eset","category-press-release","category-year2018","tag-163","tag-eset"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New traces of Hacking Team in the wild - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New traces of Hacking Team in the wild - Version 2\" \/>\n<meta property=\"og:description\" content=\"Previously unreported samples of Hacking Team\u2019s infamou [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/\" 
\/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-12T08:12:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-20T05:10:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"623\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"New traces of Hacking Team in the 
wild\",\"datePublished\":\"2018-03-12T08:12:00+00:00\",\"dateModified\":\"2022-04-20T05:10:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/\"},\"wordCount\":1799,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/hacking_team-623x432-1.jpg\",\"keywords\":[\"2018\",\"ESET\"],\"articleSection\":[\"Version 2 Limited\",\"ESET\",\"Press Release\",\"2018\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/\",\"name\":\"New traces of Hacking Team in the wild - Version 
2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/hacking_team-623x432-1.jpg\",\"datePublished\":\"2018-03-12T08:12:00+00:00\",\"dateModified\":\"2022-04-20T05:10:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#primaryimage\",\"url\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/hacking_team-623x432-1.jpg\",\"contentUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/hacking_team-623x432-1.jpg\",\"width\":623,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2018\\\/03\\\/new-traces-of-hacking-team-in-the-wild\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New traces of Hacking Team in the wild\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 
2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast 
SEO plugin. -->","yoast_head_json":{"title":"New traces of Hacking Team in the wild - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/","og_locale":"en_US","og_type":"article","og_title":"New traces of Hacking Team in the wild - Version 2","og_description":"Previously unreported samples of Hacking Team\u2019s infamou [&hellip;]","og_url":"https:\/\/version-2.com\/en\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/","og_site_name":"Version 2","article_published_time":"2018-03-12T08:12:00+00:00","article_modified_time":"2022-04-20T05:10:09+00:00","og_image":[{"width":623,"height":432,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","type":"image\/jpeg"}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"New traces of Hacking Team in the wild","datePublished":"2018-03-12T08:12:00+00:00","dateModified":"2022-04-20T05:10:09+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/"},"wordCount":1799,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","keywords":["2018","ESET"],"articleSection":["Version 2 Limited","ESET","Press Release","2018"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/","url":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/","name":"New traces of Hacking Team in the wild - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#primaryimage"},"image":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","datePublished":"2018-03-12T08:12:00+00:00","dateModified":"2022-04-20T05:10:09+00:00","breadcrumb":{"@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#primaryimage","url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","contentUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","width":623,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/version-2.com\/zh\/2018\/03\/new-traces-of-hacking-team-in-the-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"New traces of Hacking Team in the wild"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 
2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/hacking_team-623x432-1.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-1Mu","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/6850","targetHi
nts":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=6850"}],"version-history":[{"count":9,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/6850\/revisions"}],"predecessor-version":[{"id":48784,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/6850\/revisions\/48784"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media\/6855"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=6850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=6850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=6850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}