Concurring to announcing by TechCrunch (October 28, 2025), the CEO of Token Labs affirmed that one of its government‑customers was caught utilizing its malware.
TechCrunch
+2
Cybersecurity Review
+2
Specifically: The spyware in address is called “Dante” and was connected to Token Labs through code clues (“DANTEMARKER”).
Moneycontrol
+1
The CEO (named as Paolo Lezzi in a few reports and somewhere else as Giacomo Bonaventura) freely recognized that the spyware had a place to Token Labs and that the abuse was by the client or maybe than being specifically brokered by the merchant.
CEO Today
+2
Cybersecurity Review
+2
The abuse allegedly included a government client utilizing a retired/older specialist of the spyware past its approved or planning utilize. As one article put it, “Clearly they utilized an operator that was as of now dead”.
Moneycontrol
Who, what, how
Who: Token Labs is an Italian‑based surveillance/spyware merchant.
Business & Human Rights Asset Centre
+1
It developed out of Hacking Group (which was exceptionally questionable for offering hacking apparatuses to governments).
Atlantic Council
+1
What: The apparatus “Dante” (for Windows, clearly) was connected to the firm and found focusing on clients in Russia and Belarus, per analysts at Kaspersky.
Cybersecurity Review
+1
How: Concurring to the examination, the bunch utilizing Dante tricked targets through phishing joins, misused browser vulnerabilities, and at that point conveyed the spyware to gather files/data from media, colleges, government workplaces.
Moneycontrol
+1
Why this matters
Governance & responsibility: This is a uncommon case of a spyware merchant conceding freely that a government client abused its instrument. In the surveillance‑tech industry, merchant Affirmations of abuse are exceptional.
CEO Today
+1
Legal/regulatory introduction: The affirmation opens up questions of trade controls, trade compliance, human‑rights chance, oversight of state‑buyer conduct. The European Union and other purviews progressively see at spyware trades as dual‑use/security devices.
CEO Today
+1
Reputational/market hazard: For Token Labs, being freely tied to a abuse may harm believe among potential clients (governments), as well as draw in investigation from respectful society, controllers and media.
CEO Today
+1
Broader industry flag: This highlights that indeed merchants that claim to offer as it were to true blue performing artists and for true blue purposes confront challenges in controlling how their instruments are utilized by state clients — and that the boundary between true blue law‑enforcement/intelligence utilize and mishandle is thin.
Open questions & caveats
Which government? The CEO did not title the particular government client in the freely accessible announcing.
TechCrunch
+1
Extent of abuse: It is vague how numerous operations or casualties were included, or whether the abuse was systemic or a one‑off. A few detailing proposes the specialist utilized was “already dead” (i.e., an obsolete adaptation) but that does not fundamentally constrain the affect.
Moneycontrol
Vendor obligation: The CEO set fault on the client for abuse, but from a legal/regulatory point of view, questions stay: what obligation does the seller have for checking clients, checking utilize, impairing devices if abused, and guaranteeing compliance with human‑rights / send out control laws? A few investigators contend sellers cannot essentially wash their hands at “we sold it and at that point it was misused.”
CEO Today
+1
Technical capability: Whereas Dante was connected to Token Labs for Windows frameworks, the CEO declared the company presently centers on portable spyware, not Windows. This may suggest a move in item technique and/or an endeavor at harm control.
Moneycontrol
Future dangers: If abuse is affirmed, there may be results: administrative examination, trade control fixing, reputational harm, drop in government contracts, conceivable sanctions. The seller may moreover move to fortify compliance and auditing.
Historical & corporate context
Memento Labs was shaped by securing of Hacking Group (which had been included in a 2015 gigantic spill of its inner reports, uncovering questionable deals to severe administrations).
Wikipedia
+1
Italy has developed as a critical center for commercial spyware merchants, in portion since its administrative environment is less prohibitive compared to a few other Western markets; this raises administration and oversight challenges.
The Record from Recorded Future
+1
The “spyware industry” is beneath expanding investigation from respectful society bunches, human‑rights bodies, export‑control controllers, and media examinations. This affirmation includes to that pressure.
Implications & what to watch
For governments: If you are a buyer of spyware apparatuses, due perseverance things more than ever: evaluate seller controls, contract clauses, utilization limitations, inspecting instruments, and the vendor’s eagerness to be transparent.
For sellers in this advertise: The trade show depending on mystery is beneath risk. Merchants may require to embrace more grounded compliance systems, clearer client‑agreements, observing of client‑usage, and straightforwardness almost abuse risks.
For gracious society & oversight bodies: This case gives a concrete illustration to thrust for more grounded legal/regulatory systems for commercial spyware: send out controls, authorizing, review commitments, rights securities, required announcing of misuse.
For financial specialists and markets: The reputational and administrative dangers tied to spyware sellers are fabric. This affirmation may influence future bargains, valuations, protections, export‑licence hazard, and may drive combination or exit of merchants from unsafe markets.
For casualties / security advocates: The case is however another update that governments obtaining reconnaissance instruments may abuse them, intentioned or not, and that seller responsibility and revelation are frail; endeavors to increment straightforwardness and change stay imperative.
0 Comments