The CEO of spyware maker Memento Labs confirms that one of its government clients has been caught using its malware

Source: TechCrunch


Researchers at cybersecurity giant Kaspersky on Monday published a report outlining a new spyware called Dante that they say is targeting Windows victims in Russia and neighboring Belarus. The Dante spyware was made by Memento Labs, a Milan-based surveillance technology manufacturer that was founded in 2019 after a new owner acquired the first spyware company Hacking Team, the researchers said.

Memento CEO Paolo Lezzi confirmed to TechCrunch that the spyware discovered by Kaspersky actually belongs to Memento.

In a call, Lezzi blamed one of the company’s government clients for the Dante exposure, saying the client used an outdated version of the Windows spyware that will no longer be supported by Memento by the end of this year.

“They obviously used an already dead client,” Lezzi told TechCrunch, referring to “client” as the technical word for the spyware planted on the target’s computer.

“I believed [the government customer] didn’t use it anymore,” Lezzi said.

Lezzi, who said he was not sure which of the company’s customers was caught, added that Memento has already asked all of its customers to stop using the Windows malware. Lezzi said the company has warned customers that Kaspersky has detected Dante spyware infections since December 2024. He added that Memento plans to send a letter to all of its customers on Wednesday again asking them to stop using the Windows spyware.

He also said that Memento is currently developing spyware for mobile platforms only. The company also develops some vulnerabilities (meaning security flaws in software unknown to the vendor that could be used to deliver spyware), though the company mostly gets its exploits from third-party developers, according to Lezzi.


When contacted by TechCrunch, Kaspersky spokeswoman Mai Al Akka would not say which government Kaspersky believes was behind the espionage campaign, but said that it was “someone capable of using Dante software.”

“The group is distinguished by its strong command of the Russian language and knowledge of local nuances, traits that Kaspersky has observed in other campaigns related to this [government-backed] threat. However, occasional errors indicate that the attackers were not native speakers.”

Kaspersky said in its new report that it had found a hacking group, which it refers to as “ForumTroll,” using the Dante spyware, and described the group targeting people with invitations to attend the Russian politics and economics forum Primakov Readings. Kaspersky said the hackers targeted a wide range of industries in Russia, including media, universities and government organizations.

Kaspersky’s discovery of Dante came after the Russian cybersecurity company said it had detected a “wave” of cyberattacks with phishing links that exploited a zero-day in the Chrome browser. Lezzi said that the Chrome zero-day was not developed by Memento.

Kaspersky researchers concluded in their report that Memento “continued to improve” the spyware originally developed by Hacking Team until 2022, when the spyware was “replaced by Dante.”

Lezzi admitted that it is possible that some “aspects” or “behaviors” of Memento’s Windows spyware were left over from spyware developed by Hacking Team.

A clear sign that the spyware discovered by Kaspersky belongs to Memento is that the developers left the word “DANTEMARKER” in the spyware code, an apparent reference to the name Dante, which Memento previously and publicly revealed at a surveillance technology conference, per Kaspersky.

Just like Memento’s Dante spyware, some versions of Hacking Team’s spyware, codenamed Remote Control System, are named after historical Italian figures, such as Leonardo da Vinci and Galileo Galilei.

A history of breakthroughs

In 2019, Lezzi purchased Hacking Team and rebranded it as Memento Labs. According to Lezzi, he only paid one euro for the company and the plan was to start over.

“We want to change absolutely everything,” the Memento owner told Motherboard after the acquisition in 2019. “We’re starting from scratch.”

A year later, Hacking Team’s CEO and founder, David Vincenzetti, announced that Hacking Team was “dead.”

Lezzi told TechCrunch that when he acquired Hacking Team, the company only had three government clients remaining, a far cry from the more than 40 government clients Hacking Team had in 2015. That same year, a hacktivist named Phineas Fisher broke into the startup’s servers and took about 400 gigabytes of internal emails, contracts, documents, and the source code for its spyware.

Before the hack, Hacking Team operatives in Ethiopia, Morocco, and the United Arab Emirates were caught targeting journalists, critics, and dissidents using the company’s spyware. Once Phineas Fisher posted the company’s internal data online, journalists revealed that a Mexican regional government had used Hacking Team’s spyware to target local politicians, and that Hacking Team had sold its software to human rights-abusing countries, including Bangladesh, Saudi Arabia, Sudan, and others.

Lezzi declined to tell TechCrunch how many customers Memento currently has, but implied it was fewer than 100. He also said that there are only two current Memento employees left who are former Hacking Team employees.

The discovery of Memento’s spyware shows that this type of surveillance technology continues to spread, according to John Scott-Railton, a senior researcher who has investigated spyware breaches for a decade at the University of Toronto’s Citizen Lab. It also appears that a controversial company can die due to a spectacular hack and several scandals, yet a new company with brand new spyware can still emerge from its ashes.

“It tells us that we need to continue to fear the consequences,” Scott-Railton told TechCrunch. “It says a lot that the echoes of the most radiant, embarrassing and penetrating brands are still there.”


🕒 Posted on 1761714513
