Memento Labs
Memento Labs (formerly Hacking Team) · Italy
Confidence 5/5
Technical capabilities
Hacking Team’s flagship product RCS Galileo (Remote Control System) and the successor Da Vinci platform are mercenary spyware suites covering Windows, macOS, iOS, Android, BlackBerry and Symbian. The platform delivers full target compromise via spear-phishing, malicious office documents, USB attack vectors and exploitation of unpatched vulnerabilities sourced from a research network and from outside brokers including Vitaliy Toropov and Vitaly Toropov.
Capabilities documented in the 2015 leak and Citizen Lab forensic research include keylogging, screen capture, camera and microphone activation, email and chat interception, Skype voice and video recording, location tracking, password extraction from browsers, and full file-system access. Post-2019 Memento Labs has stated a tightened ethical review process while continuing development of the same product family.
Documented victims and operators
The July 2015 leak exposed an internal customer ledger that remains the single most comprehensive disclosure of any mercenary spyware vendor’s commercial relationships. Documented customers from leaked invoices and email correspondence include:
- Sudan (USD 1.0M+ contracts, in violation of UN arms embargo per Reporters Without Borders).
- Ethiopia: deployed against Ethiopian Satellite Television (ESAT) journalists in the US and UK, per Citizen Lab “Hacking Team and the Targeting of Ethiopian Journalists” (February 2014).
- Bahrain, Saudi Arabia, the United Arab Emirates, Egypt, Morocco, Azerbaijan.
- Mexico (multiple federal and state agencies, with documented use against journalists per Citizen Lab and R3D).
- Kazakhstan, Uzbekistan, Honduras, Panama, Colombia, Ecuador.
- United States: FBI and DEA, per leak.
- Italian state and prosecutorial agencies.
- Russia (commercial reseller Kvant Research Institute).
Customer states post-rebrand
Memento Labs has not publicly disclosed a customer list post-rebrand. The company states adherence to Italian and EU export controls and to an internal ethics review board. Independent verification of customer behavior post-2019 is limited. Citizen Lab and Privacy International continue to monitor the rebrand for reappearance of indicators in target devices.
Legal and sanctions status
- Not on the US Department of Commerce Entity List.
- Not designated by US OFAC.
- Subject to Italian and EU dual-use export controls (EU Regulation 2021/821).
- Italian Ministry of Economic Development export-license revocation, April 2016: revoked global export license, requiring case-by-case authorization.
- The 2015 leak was followed by criminal investigations in Italy, Mexico and elsewhere with no convictions of company leadership.
Technical countermeasures
- Modern OS hygiene: Memento Labs / Hacking Team historically relied heavily on unpatched vulnerabilities and macros. Up-to-date macOS, Windows and mobile OS substantially reduce attack surface against pre-rebrand indicators.
- Phishing resistance: spear-phishing remained the primary initial-access vector in 2015 leak material. Hardware security keys, treating unsolicited attachments as hostile, and DNS-level link inspection materially reduce risk.
- iOS Lockdown Mode: blocks many post-2022 mercenary spyware delivery chains, including techniques observed in late Hacking Team era.
- GrapheneOS on Pixel: for high-risk Android profiles, dramatically reduces persistence.
- Forensic verification: Amnesty Mobile Verification Toolkit and Citizen Lab indicators remain useful baseline for any suspected legacy or successor compromise.
Sources
- Citizen Lab, Hacking Team and the Targeting of Ethiopian Journalists (February 12, 2014)
- Citizen Lab, Mapping Hacking Team’s “Untraceable” Spyware (February 17, 2014)
- WikiLeaks, Hacking Team archive (July 2015 onwards)
- Reporters Without Borders, Hacking Team enemies of the internet profile (2013)
- Reuters, Italy revokes Hacking Team global export license (April 2016)
- The Intercept, Long-form Hacking Team coverage
- Memento Labs, Corporate website
Update log
March 31, 2026: Page launched. Sourced from the 2015 internal Hacking Team email leak, Citizen Lab forensic research dating to 2012, Reporters Without Borders investigations, The Intercept and WikiLeaks archives, and post-2019 Memento Labs corporate communications.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
