Spyware startup Variston is losing staff, some say it’s closing
Reading Time: 4 minutesIn July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Windows Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits used to target those applications were zero-days, meaning the software makers were unaware of the bugs, according to Google.
More than a year later in November 2022, Google’s Threat Analysis Group, the company’s team that investigates government-backed threats, published a blog post analyzing those exploits and the Heliconia framework. Google’s researchers concluded that the code belonged to Variston, a Barcelona-based startup that was unknown to the public.
Another former Variston employee said that the code was sent to Google by a disgruntled company employee and that after it happened Variston’s name and secrecy were ‘burned.’
Google kept digging into Variston’s malware. In March 2023, the tech giant’s researchers found that spyware made by Variston was used in Kazakhstan, Malaysia, and the United Arab Emirates. Last week, Google reported that it found Variston hacking tools used against iPhone owners in Indonesia.
Now, according to four former employees and two people with knowledge of the spyware market, Variston is shutting down.
At the beginning of the 2010s, the public began to learn that there was a flourishing market where Western-based companies, such as Hacking Team, FinFisher, and NSO Group, were providing surveillance and hacking tools to countries and regimes all over the world with questionable or poor records of human rights, such as Ethiopia, Mexico, Saudi Arabia, the United Arab Emirates, and many others.
Since then, digital and human rights organizations like the Citizen Lab and Amnesty International have documented dozens of cases where government customers of these spyware makers were using those tools to hack and spy on journalists, dissidents, and human rights defenders.
In the last few years the offensive security industry has become more public and normalized. Some of these spyware makers and exploit developers openly advertise their services online, their employees disclose where they work on social media, and there are a few popular security conferences that openly cater to this industry, such as OffensiveCon and HexaCon.
Variston, however, has always tried to fly under the radar.
The company’s only public-facing information is a barebones website where it vaguely describes what it does.
‘Our toolset is built upon the vast cumulative experience of our consultants. It supports the discovery of digital information by [law enforcement agencies],’ reads Variston’s website, in what is the only short mention of its work as a spyware and exploit maker for government agencies.
Even Truel IT’s founders, who moved to work at Variston, do not disclose Variston as an employer on their LinkedIn profiles.
According to the former Variston employees, this level of secrecy also applied to the identity of the company’s customers — except for its special relationship with Protect, a company based in the United Arab Emirates city of Abu Dhabi.
‘Variston was a supplier of Protect,’ said a person with knowledge of Protect’s operations, who asked to remain anonymous because they were not authorized to speak to the press. ‘It was an important relationship for both for a while.’
The company’s work ‘was going to the UAE,’ and that Protect was ‘de-facto the only customer,’ according to former Variston employees.
At the beginning of 2023, Protect asked all Variston employees to move to Abu Dhabi. This is where Variston began to unravel, as most of Variston’s staff did not accept the proposal. The former employees said management gave them two choices: ‘move to Abu Dhabi or get fired,’ and that there would be no exceptions.
Protect bills itself as ‘a cutting edge cyber security and forensic company.’ Much like Variston, Protect says little else on its website about what the company does.
But Google’s security researchers believe that Protect, also known as Protect Electronic Systems, ‘combines spyware it develops with the Heliconia framework and infrastructure, into a full package which is then offered for sale to either a local broker or directly to a government customer.’
That would explain how Variston’s tools allegedly ended up being used in Indonesia, Kazakhstan, and Malaysia.
According to Intelligence Online, a trade publication that covers the surveillance and intelligence industry, Protect was launched after DarkMatter, a controversial UAE-based hacking company, was revealed to have employed Americans who then helped the UAE government spy on dissidents, political rivals, and journalists.
Wegener is a veteran of the spyware industry. According to Intelligence Online, Wegener runs several other companies, some based in Cyprus and also co-owned by Jayaraman. Wegener used to work at AGT, or Advanced German Technology, a surveillance provider founded in Berlin in 2001 with an office in Dubai. In 2007, along with Italian spyware maker RCS Lab, AGT worked with the Syrian government to develop a centralized real-time country-wide internet monitoring system, according to news reports based on leaked documents and research by non-profit Privacy International. Eventually, AGT did not provide the system to the Syrian government.
Five years after it was founded, Variston is not a secret startup anymore.
Three former employees said Google’s report in 2022 blew the lid on Variston’s secrecy. One of the employees said the Google report exposing Variston ‘might have been the beginning of the end’ for the spyware maker.
But another former Variston employee said the company — like other spyware makers — would have been exposed eventually. ‘It was bound to happen sooner or later,’ the person said. ‘It’s quite normal.’
Natasha Lomas contributed reporting.
An earlier version of this report misattributed Google’s discovery of Variston’s tools to Italy, due to an editor’s error. ZW.
Reference: https://techcrunch.com/2024/02/15/variston-spyware-losing-staff-some-say-closing/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG