The research group found out that UAE authorities used malware dubbed "Stealth Falcon" to attack almost 30 targets, including Rori Donaghy, a British journalist working for the Middle East Eye and a founder of the Emirates Center for Human Rights. Donaghy had previously been critical of UAE's human rights record.
Stealth Falcon — rudimentary, but effective spyware — had made their way to journalists and activists by means of "fake personas." In other words, the state hackers sent their targets emails or Tweets with links to documents that purported to contain news, but were actually malware-laden. Citizenlab managed to link several of these "personas" to the UAE's government, although the evidence is — so far — only circumstantial.
The fake identities taken by the hackers varied, being fine-tuned depending on who they were supposed to target. For instance, Donaghy received various malicious tweets and messages from an "Andrew Wright" — a fake profile saying he was as a journalist.
The UAE has been using Hacking Team and FinFisher spyware to target dissidents for years. https://t.co/OJ4nxOsrmv— Lorenzo Franceschi-B (@lorenzoFB) May 30, 2016
Many messages (and especially tweets) that spread the malware were accompanied by what Citizenlab called "bait words"- terms that lured in the targets, such as "torture", "human rights" and "rule of law."
In other cases, the malware managed to get access to the dissidents' computers through bogus URL shorteners, Java Scripts and corrupted Microsoft office documents.
In particular, Italian-engineered spyware was used to infect and monitor over 1100 devices, among which those of human right activist, Ahmed Mansoor.
The Milan-based company has recently been in the spotlight for selling hacking tools to repressive regimes, including Sudan and Egypt — it is even believed Egyptian intelligence could have used the company's software to monitor Italian student Giulio Regeni, who was mysteriously killed in Cairo some months ago.