Skip to content
July 18, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Malware
  • “Grey Heron” in the surveillance industry: Advanced Spyware products can spy on Signal and Telegram
  • Malware

“Grey Heron” in the surveillance industry: Advanced Spyware products can spy on Signal and Telegram

Do Son March 30, 2018 3 minutes read
Add Daily CyberSecurity as a preferred source on Google

According to securityaffairs and motherboard reports, a mysterious surveillance company named Grey Heron is promoting its spyware, claiming to be able to monitor Signal and Telegram communications. According to a survey conducted by Motherboard, the company and the Italian monitoring company Hacking Team should have some kind of connection, because, behind the Saudi government related investor support, the Hacking Team is still continuing to sell its spyware.

The development and sale of surveillance software is a profitable business. Many government agencies use spyware for different purposes. So in order to more clearly grasp the relationship between Grey Heron and these institutions, Motherboard conducted an in-depth investigation.

Motherboard learned from a Grey Heron brochure that Grey Heron’s mission is to provide law enforcement agencies with powerful tools to balance criminals’ capabilities. This brochure contains an Eric Rabe’s business card, Grey Heron’s marketing and communication methods.

The Force Behind Grey Heron

It is worth noting that Rabe is a longtime spokesman of the Italian monitoring company Hacking Team. Hacking Team is a monitoring company that sells spy products to other countries’ governments (such as Sudan, Ethiopia, Saudi Arabia and Bahrain, etc.). According to Motherboard’s survey, the Hacking Team hacker team is still active, thanks in part to an investor linked to the Saudi government .

Private Eye also revealed in a recent report that Grey Heron is based in Milan and briefly mentioned the relationship between Grey Heron and Rabe. In addition, Private Eye also believes that Grey Heron may have some connections with another British company of the same name (the company is managed by a former British military officer).

 

Grey Heron Spy Ability

In the brochure, Grey Heron promised to solve the same problems that other malware vendors pointed out, such as the proliferation of easy-to-use encryption technology. So how does Grey Heron deploy spyware to deal with these issues?

In general, Grey Heron is deployed in a number of different ways, including the use of vulnerability remote exploits or social engineering attacks to trick the target object into downloading software. The company provides functionality for Android and iOS devices, as well as OS X and Windows computers.

Grey Heron can collect data from Signal and Telegram. Although it is still unclear how to extract information from Signal, it is not common to mention Signal’s malware companies in marketing materials. In addition, Grey Heron also revealed that they target Skype and encrypted email.

Grey Heron is very interested in the European and North American markets, and Grey Heron has privately confirmed that the Italian government has allowed it to export its products throughout the EU.

 

Related coverage

  • Beware of “The Unarchiver” Imposter: New macOS Malware Steals Sensitive User Data
  • Russian Tomiris APT Adopts “Polyglot” Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies
  • Inside the Rapid Evolution of the BlankGrabber Stealer
  • AI-Generated Malware: TikTok Videos Push Infostealers with PowerShell Commands
  • Cybercriminals Exploit CrowdStrike Update Incident with New Stealer Malware, Connecio
Track all actively exploited CVEs →

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Grey Heron

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-6875CVSS 9.5
    ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability...
    Admin intel📅 Updated: Jul 18, 2026
  • CVE-2026-39808CVSS 9.8
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox...
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2026-25089CVSS 9.8
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox...
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2026-58644CVSS 9.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 16, 2026
  • CVE-2023-4346CVSS 7.5
    KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to...
    CISA KEV📅 Added to KEV: Jul 15, 2026
  • CVE-2026-53362
    In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation...
    Admin intel📅 Updated: Jul 14, 2026
  • CVE-2026-46242CVSS 7.8
    In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file...
    Admin intel📅 Updated: Jul 14, 2026
  • CVE-2026-56155CVSS 7.8
    Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate...
    CISA KEV📅 Added to KEV: Jul 14, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-47865CVSS 9.8
    VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user...
  • CVE-2026-55518CVSS 9.6
    Avo is a framework to create admin panels for Ruby on Rails...
  • CVE-2026-54159CVSS 10.0
    PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0...
  • CVE-2026-48062CVSS 9.8
    CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in...
  • CVE-2026-13446CVSS 9.8
    IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password...
  • CVE-2026-8859CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to...
  • CVE-2026-8635CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges...
  • CVE-2026-8505CVSS 9.8
    IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook...
  • CVE-2026-8476CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution...
  • CVE-2026-8481CVSS 9.9
    IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.