CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware

In a recent development, cybersecurity firm Kaspersky revealed the existence of a new spyware named Dante, which reportedly targets Windows users in Russia and Belarus. This spyware is produced by Memento Labs, a surveillance technology company based in Milan that emerged in 2019 after acquiring the notorious Hacking Team. Paolo Lezzi, the CEO of Memento Labs, confirmed to TechCrunch that the Dante spyware identified by Kaspersky is indeed a product of his company. During a discussion, Lezzi attributed the exposure of Dante to one of Memento's government clients, who he claimed was using an outdated version of the spyware, which will no longer be supported after this year. "They clearly used an agent that was already dead," Lezzi stated, using the technical term for the spyware installed on targeted computers. He expressed surprise that this government client was still utilizing the software, stating, "I thought they didn’t even use it anymore." Lezzi admitted uncertainty regarding which specific government entity was implicated but noted that Memento had urged all its clients to cease using the Windows malware. He mentioned that the company had been aware of Kaspersky's detection of Dante spyware since December 2024 and plans to issue another reminder to customers about discontinuing its use. Currently, Memento Labs focuses on developing spyware for mobile platforms and is involved in creating zero-day exploits — vulnerabilities unknown to the software vendor that can be exploited to deliver spyware. However, Lezzi indicated that most of these exploits are sourced from external developers. Kaspersky's spokesperson, Mai Al Akka, refrained from identifying the government allegedly behind the espionage activities but noted that the group demonstrates a strong command of the Russian language and familiarity with local contexts, traits characteristic of other campaigns linked to government-backed threats. Nevertheless, some errors in the attacks suggested that the perpetrators might not be native speakers. Kaspersky's report also documented a hacking group utilizing the Dante spyware, referred to as "ForumTroll," which targeted individuals associated with the Russian political and economic forum, Primakov Readings. The cybercriminals aimed at a diverse array of sectors within Russia, including media, educational institutions, and government bodies. The unveiling of the Dante spyware correlated with a surge of cyberattacks exploiting a zero-day vulnerability in the Chrome browser, although Lezzi clarified that this particular exploit was not developed by Memento. According to Kaspersky, the spyware developed by Hacking Team was continually improved upon until 2022, when it was replaced by Dante. Lezzi acknowledged that remnants of the original spyware might still exist within Dante. A significant clue linking the spyware to Memento was the presence of "DANTEMARKER" embedded in its code, explicitly referencing the Dante name previously disclosed by Memento at a surveillance tech conference. Memento’s approach mirrors that of Hacking Team, which had named its spyware after historical Italian figures. Lezzi acquired Hacking Team for just one euro, aiming to completely revamp the company's tarnished reputation. At that time, Hacking Team had drastically reduced its client base from over 40 government customers in 2015 to merely three, following a high-profile hack that exposed extensive internal documents and contracts. Though Lezzi declined to disclose the current number of Memento's customers, he hinted that it is fewer than 100, with only two employees remaining from the original Hacking Team staff. The resurgence of spyware like Dante highlights the ongoing proliferation of surveillance technology, as noted by John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab. He emphasized the need for vigilance against such technologies, reflecting on how a controversial company can seemingly resurrect from its past failures.