Spyware campaign targets Turkish dissidents, research shows

Another instance of FinFisher has been spotted in the wild by digital rights advocacy group Access Now.

Spyware made by a notorious vendor has been used to target critics of the Turkish government via Twitter, according to digital rights advocacy group Access Now.

Attackers used spyware from FinFisher to target protestors focused on the Turkish government in 2017, Access Now said in a report. Hackers allegedly used Twitter-linked malicious websites to install spyware on activists’ phones.

The perpetrators used a “benign-looking mobile application” as cover for the FinFisher spyware, which was part of “a broad social engineering attack” against opponents of Turkey’s ruling party, the report stated.

“The broad and aggressive use of [the spyware] to target individuals involved in the March for Justice movement in Turkey provides a rare window into the current deployment of FinFisher,” Access Now said. “It gives us new clues and patterns of behavior of how social media is used in conjunction with the malware…” the organization added.


There is evidence that surveillance campaigns in Indonesia, Ukraine, and Venezuela used the same malware, according to Access Now.

Authoritarian governments have provided steady demand for spyware products as autocrats look to bend digital societies to their will. FinFisher spyware was one of the surveillance tools used in a broad cyber espionage campaign in the Middle East, according to recent research from Citizen Lab.

CyberScoop asked FinFisher for comment and will update this story if any is received. A website in the vendor’s name boasts of “leading offensive IT intrusion solutions” and work with intelligence agencies and law enforcement to fight crime and terror.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts