Circles, Cyber Espionage Group Worked with 25 Countries to Achieve their Agendas

In a recent report published by the University of Toronto’s Citizen Lab titled “Running in Circles: Uncovering the Clients of Cyber-espionage Firm” gave a detailed explanation of how the telecom surveillance company, Circles, has deployed its platforms across Africa, helping state security departments to snoop on communications of opposition, journalists, and protestors.

It’s worth noting that Circles is an important ally of Tel Aviv-based NSO Group, which became globally known last year for the Pegasus spyware scandal after it was reported to have been used to exploit a vulnerability in the popular WhatsApp app to spy on opposition organizers in several countries.

Going by the report, Citizen Lab used internet scanning and found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments. This scanning enabled security researchers to identify Circles deployments in at least 25 countries.

The governments of the following countries are likely to be a client of Circles: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (UAE), Vietnam, Zambia, and Zimbabwe.

Circles is already known for its selling systems to exploit SS7 vulnerabilities, and claims to sell this technology exclusively to nation-states and was founded in 2008, acquired in 2014 by Francisco Partners, and then merged with NSO Group. According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world.

Earlier in March 2020 “The Guardian” reported that Saudi Arabia appeared to be “exploiting weaknesses in the global mobile telecommunications network to track citizens as they travel around the US.”

Documents filed as part of a lawsuit against NSO Group in Israel purport to show emails exchanged between Circles and several customers in the UAE. In 2015, IntelligenceOnline suggested that Circles started a bogus phone company called “Circles Bulgaria” to facilitate interceptions around the world.
Circle work in the same pattern as NSO Group and it is likely possible that its systems are all purchased by key actors in the Middle Eastern region too.