
CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware


On Monday, researchers at cybersecurity giant Kaspersky published a report identifying a new spyware called Dante that targeted Windows victims in Russia and neighboring Belarus. The report links Dante to Memento Labs, a Milan-based surveillance technology company formed in 2019 after acquiring the notorious spyware maker Hacking Team.

Memento’s chief executive Paolo Lezzi confirmed to TechCrunch that the spyware analyzed by Kaspersky is indeed one of their products. He blamed a government client for using an outdated Windows version of Dante, emphasizing that support for this malware would end within the year. Lezzi claimed he was not certain which customer was responsible but said Memento warned all clients of Kaspersky’s discovery of Dante since December 2024 and that further notifications would be sent to discontinue use.

Dante Spyware, Customer Exposure, and Hacking Team’s Legacy

Lezzi stated that Memento currently develops spyware only for mobile platforms, along with some zero-days, although most exploits are sourced externally. He specified that Memento did not develop the Chrome zero-day exploited in the recent attacks. Meanwhile, Kaspersky highlighted in its report how Dante’s code contained the unique marker “DANTEMARKER”, a direct clue tying it to Memento. This name followed the company’s established tradition, as earlier Hacking Team spyware referenced Italian historical figures like Leonardo Da Vinci and Galileo Galilei.

Kaspersky refrained from directly naming the government behind the recent espionage campaign, but indicated that the attacker displayed strong Russian language skills with occasional non-native errors. This campaign, attributed to a group called “ForumTroll,” targeted a wide set of Russian industries, including media outlets, universities, and government bodies. According to Kaspersky, attackers enticed targets with invites to the Russian politics and economics forum Primakov Readings.

The Dante discovery followed a “wave” of cyberattacks involving phishing links, leveraging a then-unknown security flaw in Chrome. Kaspersky concluded Memento had improved legacy Hacking Team spyware until 2022, then replaced it with Dante, though traces from earlier code may still remain. The company’s transparency about product names and code markers facilitated Kaspersky’s identification of the spyware’s heritage.

Hacktivist Breach, Reputation, and Ongoing Surveillance Market

In 2019, Paolo Lezzi acquired Hacking Team, rebranded it to Memento Labs, and set out to overhaul the company’s culture and operations. At the moment of acquisition, Hacking Team had dropped from 40 government clients in 2015 to only three, a decline triggered by a large hack led by Phineas Fisher. This hack resulted in 400GB of leaked internal data, exposing contracts, source code, and sensitive emails. The breaches revealed Hacking Team’s sales to governments with histories of human rights abuses, and their spyware’s use against journalists and dissenters in countries like Ethiopia, Morocco, and the United Arab Emirates.

Lezzi has not disclosed Memento’s current client count, but said it remains under 100, and only two Hacking Team employees now work for Memento. The Dante discovery, according to Citizen Lab’s John Scott-Railton, confirms that surveillance technology keeps proliferating despite scandals or company collapses. A company’s old, tarnished legacy can resurface through a new brand and fresh spyware, reiterating the ever-present risk and need for consequences in the surveillance industry. Scott-Railton highlighted that even the most infamous and exposed brands in cybersecurity can leave a lasting mark.

Tags: spyware, Memento Labs, Dante, Kaspersky, Hacking Team, government surveillance