Memento Labs is the direct successor to Hacking Team, the Italian mercenary spyware vendor founded in 2003 in Milan by David Vincenzetti and made notorious by the massive July 2015 leak that exposed 400 gigabytes of internal documents on WikiLeaks. Following the leak, Hacking Team attempted several reorganisations under the names HT S.r.l. and InTheCyber before being acquired in 2019 by InTheCyber Group, which renamed the entity Memento Labs. The company continues to market a successor to its Remote Control System product, now sold under various commercial names depending on the client. Documented as active in 2024 and 2025 by The Bureau of Investigative Journalism and Forbidden Stories.
What it means in practice
Memento Labs sells the successor to Galileo, the Hacking Team flagship product of the 2010 to 2015 era. The platform targets Windows, macOS, Linux, iOS, and Android, providing audio, video, screenshot, file, location, and keystroke capture. The product is positioned for lawful intercept use by law enforcement and intelligence agencies, with a small reseller network covering Europe, the Middle East, and parts of Latin America. The Italian captatori legal framework governs domestic use of comparable products by Italian prosecutors and intelligence services.
Specific things to know
The 2015 Hacking Team leak documented sales to Sudan, Bahrain, Ethiopia, Kazakhstan, Saudi Arabia, Egypt, and other governments whose human rights records made the contracts politically embarrassing. The company’s post-2015 restructuring did not change its underlying customer relationships, and TBIJ’s 2024 reporting traced ongoing Memento Labs contracts with customers in similar geographies. Vincenzetti himself remained associated with the successor entities through transitional arrangements, though the public spokespeople have changed across reorganisations.
Change today
The Memento Labs case is the operational definition of why ownership history matters in the commercial spyware market. A leaked vendor does not disappear; it is reorganised, sold, and resold, with the same engineering team and the same customer book. For targets, the operational answer is that the brand on the contract is less relevant than the underlying capability set, and capability sets in this market are remarkably stable across rebrands and ownership changes.
Related articles
See our coverage of the 2015 Hacking Team leak, Italian captatori law, and the spear-phishing defence playbook for journalists.
