Hack of Egyptian presidential candidate’s iPhone tied to tech firm Sandvine


Attempts to hack the iPhone of a presidential candidate in Egypt have been linked to the computer networking company Sandvine Inc., whose equipment has previously been used by Belarus and other countries to censor the internet.

Ahmed Eltantawy, a prominent opposition politician, was repeatedly targeted with spyware between May and September after he announced his plans to run in Egypt’s 2024 presidential elections. (REUTERS)

Ahmed Eltantawy, a prominent opposition politician, was repeatedly targeted with spyware between May and September after he announced his plans to run in Egypt’s 2024 presidential elections, according to an analysis from the University of Toronto’s Citizen Lab. After conducting a forensic examination of the device, the researchers concluded with “high confidence” that the Egyptian government was behind the attempted hacks.

His phone blocked the hacking attempts because it was in a “lockdown mode,” but it turned out he had been successfully infected two years earlier with spyware known as Predator, manufactured by North Macedonian surveillance technology firm Cytrox, the researchers found. That hack was carried out via a text message containing a link to a Predator website, according to the researchers.

In the attempted hacks, Eltantawy was lured into clicking links contained in fake security alerts that purported to be from the messaging service WhatsApp. His phone was silently redirected to a malicious website, and spyware was supposed to be “injected” onto his phone with the help of technology sold by Sandvine, according to Citizen Lab’s report.

“The use of mercenary spyware to target a senior member of a country’s democratic opposition after they had announced their intention to run for president is a clear interference in free and fair elections,” Citizen Lab wrote in its report.

Sandvine “does not make, sell or collaborate with spyware or malware vendors,” according to an emailed statement provided to Bloomberg, which also said its products were not “capable of injecting malware or spyware.” The statement referred instead to a technique called “packet redirection,” which it said was a capability “sold by all…
