Names | Circles (real name) | |
Country | Israel | |
Motivation | Financial gain | |
First seen | 2015 | |
Description | (Citizen Lab) Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe. Circles is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Circles, whose products work without hacking the phone itself, says they sell only to nation-states. According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world. According to the U.S. Department of Homeland Security, all U.S. wireless networks are vulnerable to the types of weaknesses reportedly exploited by Circles. A majority of networks around the globe are similarly vulnerable. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments. This scanning enabled us to identify Circles deployments in at least 25 countries. While companies selling exploitation of the global cellular system tend to operate in secrecy, one company has emerged as a known player: Circles. The company was reportedly founded in 2008, acquired in 2014 by Francisco Partners, and then merged with NSO Group. Circles is known for selling systems to exploit SS7 vulnerabilities, and claims to sell this technology exclusively to nation-states. | |
Observed | Countries: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, UAE, Vietnam, Zambia, Zimbabwe. | |
Tools used | Circles. | |
Information | <https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/> |
Last change to this card: 06 January 2021
Download this actor card in PDF or JSON format
Previous: Boson Spider
Next: CoralRaider
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |