Cybersecurity giant Kaspersky announced the detection of a new spyware called “Dante” in a report published on Monday. It was reported that the Dante spyware was targeting Windows users in Russia and neighboring Belarus. Researchers revealed that the Dante spyware was developed by Milan-based Memento Labs, which was founded in 2019 through the acquisition of the notorious spyware developer Hacking Team.

Memento Labs, which rose from the ashes of Hacking Team, was caught with the “Dante” software.

Following the news, Memento CEO Paolo Lezzi confirmed to foreign media that the spyware detected by Kaspersky was indeed Memento’s. Lezzi blamed a government customer using the spyware for the vulnerability. The CEO stated that the customer was using an outdated version of the Windows spyware and that Memento would discontinue support for it at the end of this year anyway.

Lezzi stated that the customer was “clearly using software that was already dead,” and that he believed the customer was no longer using the software. Lezzi added that he wasn’t sure which customer was caught, emphasizing that Memento had previously asked all its customers to stop using the Windows malware. The company also reportedly warned its customers that Kaspersky had been detecting Dante infections since December 2024.

Paolo Lezzi stated that Memento Labs’ current focus has shifted and they now develop spyware exclusively for mobile platforms. Lezzi added that the company has developed some zero-day exploits, but mostly outsources them to external developers.

Kaspersky spokesperson Mai Al Akka declined to comment on which government was behind the espionage. However, she noted that the attackers had “a strong command of Russian and local nuances,” but that occasional errors indicated they were not native Russian speakers. Kaspersky has identified a hacking group it calls “ForumTroll” that uses the Dante spyware. The group reportedly lured targets with invitations to a political and economic forum called “Primakov Readings.”

While European governments use encryption like Matrix for their own communications, Chat Control aims to breach citizens’ privacy.
Kaspersky stated that a wide range of people were targeted, including media organizations, universities, and government institutions in Russia. The Dante discovery came after the company detected phishing attacks exploiting a zero-day vulnerability in the Chrome browser. Memento CEO Lezzi, however, maintained that the Chrome vulnerability was not developed by them. The researchers stated that the word “DANTEMARKER” was left in the spyware’s code, a clear reference to the Dante name, which Memento had previously announced at a conference.

Memento, spyware, Kaspersky, Dante
This incident has brought Memento Labs’ controversial past back into the spotlight. Lezzi had announced in 2019 that he acquired Hacking Team for just one euro and planned to “start from scratch.” In 2015, Hacking Team was hacked by a hacker named Phineas Fisher, and 400 gigabytes of internal data were leaked. This leak revealed that the company sold software to countries known for human rights abuses and targeted journalists and dissidents.

John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, stated that this situation demonstrates the continued proliferation of espionage technologies. Scott-Railton emphasized that even if a controversial company “dies” after a major hack and scandals, it can still rise from the ashes with a new company and new spyware. What are your thoughts on the use of this type of spyware by governments?