The chief executive officer of Milan-based surveillance technology firm, Memento Labs, has acknowledged that one of its government clients was responsible for the recent exposure of its Windows spyware tool, known as Dante. The admission comes after cybersecurity company Kaspersky reported uncovering the malware in attacks targeting individuals and organizations in Russia and Belarus.

Kaspersky researchers identified Dante as a sophisticated spyware program linked to Memento Labs, which emerged in 2019 following the acquisition and rebranding of the controversial Italian spyware vendor, Hacking Team. In a conversation with TechCrunch, Memento Labs CEO Paolo Lezzi confirmed that the spyware detected by Kaspersky was indeed produced by the company.

Lezzi stated that the issue arose because one of Memento’s government clients continued using an outdated and unsupported version of the spyware. According to him, the company had previously warned customers about the detection of Dante infections as far back as December 2024.

“Clearly they used an agent that was already dead,” Lezzi said, suggesting the government client ignored instructions to discontinue use. He added that the company would once again notify all clients to fully stop the deployment of its Windows spyware products. Memento Labs currently focuses primarily on developing surveillance tools for mobile platforms and obtains many of its exploit capabilities from external developers.

Kaspersky declined to identify the government linked to the spyware activity but noted that the attackers demonstrated a strong understanding of Russian language and regional context. The group using the malware, labeled ForumTroll by Kaspersky, reportedly targeted individuals invited to high-level political and economic discussions in Russia, alongside media outlets, universities, and government institutions.

The exposure of Dante follows a wave of cyberattacks leveraging a previously unknown vulnerability in the Google Chrome browser. While Kaspersky connected these attacks to the spyware’s use, Memento Labs denied involvement in developing the specific Chrome exploit.

The spyware is believed to be an evolution of surveillance tools developed by Hacking Team, whose internal data and source code were leaked in 2015 after a high-profile breach. That hack revealed the company’s role in assisting governments accused of human rights abuses, including surveillance of journalists and political activists. Following the breach, Hacking Team’s reputation collapsed, leading to its eventual acquisition and restructuring under Memento Labs.

Lezzi declined to disclose the number of clients currently working with Memento but indicated it is fewer than 100, noting that only two former Hacking Team employees remain with the firm.

Cybersecurity experts say the case is a reminder that controversial surveillance technologies continue to evolve despite public scandal and regulatory scrutiny. John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said the persistence of such tools underscores the need for stronger accountability.

“This shows that even after a major scandal and exposure, the business of spyware does not simply disappear,” he said. “We need to ensure real consequences for misuse—otherwise, the cycle repeats.”

Source: Techcrunch