{ "id": "d84a0c79-74d6-419a-b4b0-c2cc4c996629", "created_at": "2026-04-06T00:14:36.653645Z", "updated_at": "2026-04-10T13:13:04.935016Z", "deleted_at": null, "sha1_hash": "f481f94915a6a21d19582be2c9dd7f48eb8de798", "title": "Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 48874, "plain_text": "Togo: Prominent activist targeted with Indian-made spyware\r\nlinked to notorious hacker group\r\nPublished: 2021-10-07 · Archived: 2026-04-05 16:39:04 UTC\r\nTogolese activist targeted with spyware by the Donot Team hacker group.\r\nAmnesty International exposes links between the Donot Team attacks and Innefu Labs, a cybersecurity\r\ncompany based in India.\r\nFirst time Donot Team publicly linked to cyberattacks targeting activists outside of South Asia.\r\nSpyware-loaded emails and fake Android applications could access device’s camera and microphone, steal\r\nphotos and files, and read WhatsApp messages.\r\nActivists in Togo risk being targeted by shadowy cyber-mercenaries who use covert digital attacks to try and steal\r\nvictims’ private information to sell to private clients, a new Amnesty International investigation has uncovered.\r\nIn a new report released today, Amnesty International reveals how fake Android applications and spyware-loaded\r\nemails tied to the notorious Donot Team hacker group were used to target a prominent Togolese human rights\r\ndefender in an attempt to put them under unlawful surveillance. The discovery is the first time Donot Team\r\nspyware was found in attacks outside of South Asia. The investigation also discovered links between the spyware\r\nand infrastructure used in these attacks, and Innefu Labs, a cybersecurity company based in India.\r\nAcross the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of\r\nhuman rights defenders\r\nDanna Ingleton, Deputy Director of Amnesty Tech\r\nThe Togolese activist, who wishes to remain anonymous for security reasons, has a history of working with civil\r\nsociety organizations and is an essential voice for human rights in the country. Their devices were targeted\r\nbetween December 2019 and January 2020, during a tense political climate ahead of the 2020 Togolese\r\npresidential election.\r\n“Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights\r\ndefenders,” said Danna Ingleton, Deputy Director of Amnesty Tech.\r\n“Anyone can be a target – attackers living hundreds of miles away can hack your phone or computer, watch where\r\nyou go and who you talk to, and sell your private information to repressive governments and criminals.”\r\nThe persistent attacks over WhatsApp and email tried to trick the victim into installing a malicious application that\r\nmasqueraded as a secure chat application. The application was in fact a piece of custom Android spyware\r\ndesigned to extract some of the most sensitive and personal information stored on the activist’s phone.\r\nThe spyware would have enabled attackers to access the camera and microphone, collect photos and files stored\r\non the device, and even read encrypted WhatsApp messages as they are being sent and received. The covert nature\r\nof such attacks makes it extremely difficult for activists to detect whether their devices have been compromised.\r\nhttps://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/\r\nPage 1 of 3\n\n“Having realized that this was an attempt at digital espionage, I felt in danger. I can’t believe that my work could\r\nbe so disturbing to some people that they would try to spy on me. I am not the only one working for human rights\r\nin Togo. Why me?”, the Togo-based human rights defender told Amnesty International.\r\nAmnesty International’s investigation uncovered a trail of technical evidence left by the attackers which identified\r\nlinks between the attack infrastructure and an Indian-based, Innefu Labs. The company which advertises digital\r\nsecurity, data analytics, and predictive policing services to law enforcement and armed forces and claims to work\r\nwith the Indian government.  Innefu Labs does not have a human rights policy and does not appear to carry out\r\nhuman rights due diligence – despite the enormous risks their products pose to civil society.  Amnesty\r\nInternational has observed additional evidence of Donot Team attacks against organizations and individuals across\r\nAsia, mostly concentrated in the north of India, Pakistan and Kashmir.\r\nActivists under attack\r\nThe space for human rights work in Togo has been shrinking – in 2019, the year preceding the presidential\r\nelection, Amnesty International documented the adoption of laws curtailing the rights to freedom of expression\r\nand peaceful assembly and cases of human rights violations committed by authorities, particularly against pro-democracy activists.    \r\nSeveral religious and opposition political figures in Togo have reportedly been targeted with digital surveillance\r\ntools. In August 2020, The Guardian and Citizen Lab revealed that two Catholic clergy members, Bishop Benoît\r\nAlowonou and Father Pierre Chanel Affognon had been targeted using a NSO Group-linked WhatsApp\r\nvulnerability.\r\nThe Pegasus Project, coordinated by Forbidden Stories with the technical support of Amnesty International’s\r\nSecurity Lab, earlier this year revealed that hundreds of Togolese numbers were listed as potential targets of NSO\r\nGroup’s Pegasus spyware. Those on the list included independent journalists and members of political opposition\r\ngroups.\r\nThe threat of targeted surveillance, whether real or not, can inflict a huge psychological toll on activists and cause\r\na devastating chilling effect on their human rights work. Little is known about the wild-west cyber surveillance\r\nindustry, despite Amnesty International’s and other civil society’s repeated requests for more transparency, and\r\neven less is known about the flourishing hacker-for-hire industry.\r\n“The surveillance industry is out of control with companies and cyber-mercenaries alike operating entirely in the\r\nshadows.”\r\n“Surveillance companies must stop putting profit over people and ensure repressive regimes are not using their\r\ntechnology to put a stranglehold on civil society,” said Danna Ingleton.\r\nAmnesty International is calling on:\r\nInnefu Labs to publish in full the findings of an external audit the company commissioned into links\r\nbetween its spyware tools and infrastructure used in the attack against the Togo activist. The company must\r\nalso implement a human rights policy.\r\nhttps://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/\r\nPage 2 of 3\n\nThe Indian government to investigate cyberattacks linked to Innefu Labs and take urgent action to ensure\r\nIndia-based surveillance companies are not involved in the targeting of activists – which is unambiguously\r\nillegal under international human rights law.\r\nThe Togolese government to ensure that everyone, including activists, is protected from human rights\r\nabuses, and to investigate and redress any harm caused by cyberattacks carried out by private sector actors.\r\nIn a written response to Amnesty International, Innefu Labs denied “the existence of any link whatsoever between\r\nInnefu Labs and the spyware tools associated with the ‘Donot Team’” and the attack against the human rights\r\nactivist in Togo. Innefu Labs also stated that they are not aware of any use of their IP address for the alleged\r\nactivities.\r\nThere is no evidence to suggest Innefu Labs had a direct involvement or knowledge of the targeting of the human\r\nrights defender in Togo using the Donot Team spyware tools. The activity linked to the Donot Team may involve\r\nmultiple distinct actors or organisations with access to the same custom spyware toolset and shared infrastructure.\r\nSource: https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/\r\nhttps://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/" ], "report_names": [ "togo-activist-targeted-with-spyware-by-notorious-hacker-group" ], "threat_actors": [ { "id": "2ac63ef4-a7b8-4a30-96ad-b30ccb2073fc", "created_at": "2022-10-25T16:07:23.546262Z", "updated_at": "2026-04-10T02:00:04.651083Z", "deleted_at": null, "main_name": "Donot Team", "aliases": [ "APT-C-35", "Mint Tempest", "Origami Elephant", "SectorE02" ], "source_name": "ETDA:Donot Team", "tools": [ "BackConfig", "EHDevel", "Jaca", "yty" ], "source_id": "ETDA", "reports": null }, { "id": "cfdd350b-de30-4d29-bbee-28159f26c8c2", "created_at": "2023-01-06T13:46:38.433736Z", "updated_at": "2026-04-10T02:00:02.972971Z", "deleted_at": null, "main_name": "VICEROY TIGER", "aliases": [ "OPERATION HANGOVER", "Donot Team", "APT-C-35", "SectorE02", "Orange Kala" ], "source_name": "MISPGALAXY:VICEROY TIGER", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434476, "ts_updated_at": 1775826784, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f481f94915a6a21d19582be2c9dd7f48eb8de798.pdf", "text": "https://archive.orkl.eu/f481f94915a6a21d19582be2c9dd7f48eb8de798.txt", "img": "https://archive.orkl.eu/f481f94915a6a21d19582be2c9dd7f48eb8de798.jpg" } }