In Egypt And Turkey Users Got State Spyware
Canadian Citizen Lab from the University of Toronto found out how the authorities in Turkey used DPI (Deep Packet Inspection) to control internet traffic and succeed in placing malicious code in software like Skype, CCleaner or Opera.

image source
All downloads of mentioned software that didn't go through encrypted HTTPS connections were affected. This is again an example that today the use of HTTP has become unnecessary and dangerous.
Türk Telekom has set up middleboxes (middleware) to redirect users from Turkey and Syria to the state spyware when they wanted to download normal and harmless programs. With this state spyware, authorities could spy on users. In Egypt, however, there were frequent MITM attacks (man in the middle) that redirected users to sites that began mining cryptocurrencies on their computers.

image source
That was easy to do because the manufacturers usually redirect visitors to an unencrypted page (HTTP) to download, so it's trivial to perform DPI on the traffic and manipulate it if necessary. This campaign was limited to Turkey, but because some users who are physically located in Syria use Turkish links, they were also targets.
In Egypt, campaign (AdHose) was different. For a short time, users were massively redirected to advertising (spray mode), while in a more specialized mode (trickle mode), they added commands for mining crypto through JavaScript and site-side advertisements.

image source
In both cases, Sandwine PacketLogic middlebox/middleware devices were used to analyze Internet traffic and, if necessary, manipulate it. The devices of this company were also used in Turkey to block unwanted websites (eg Wikipedia and the Kurdish Workers' Party), and in Egypt to block the human rights page, political and news sites, etc.
kaleidoscope sourceThe US company Sandvine was once called Procera Networks, and last year they bought Canadian Sandwine and joined together. The company's owner is Francisco Partners, which owns several companies that develop spyware and control technology equipment. One such is NSO Group, a company in Israel, who gladly sells its gadgets to countries with authoritarian regimes, which they then use to prosecute activists, journalists, lawyers, etc...
Sources:
Sandvine’s PacketLogic Devices Used to Deploy Government Spyware
StrongPity APT – Waterhole attacks against Italian and Belgian users
PacketLogic Platforms
NSO Group
More security news:
New Security Threat: ADB.Miner
Stolen Credit Card Numbers In OnePlus
Backdoor Found In Lenovo Network Switches
Skype And Signal
Intel Screwed Again
Attack By Screaming
Loapi Malware
Serious Security Hole In MacOS
Critical vulnerabilities in Intel processors
Imgur Hacked
Did you know that you have more than one operating system on your computer?
Android Oreo Bug

@seckorama
Take a look at my DTube Channel
Check out my DSound Channel
