Dark Caracal espionage campaign traced to Lebanon.
The Electronic Frontier Foundation and security firm Lookout describe an espionage campaign, "Dark Caracal" (named after the long-eared wildcat), that's afflicted Android devices since 2012. Lebanon's intelligence service, the General Directorate of General Security (GDGS), is believed to be responsible for the campaign. Targets included journalists, activists, military personnel, manufacturers, and financial institutions in more than twenty countries (Help Net Security). The GDGS left the information it took exposed on an open server (Engadget).
No sophisticated malware was involved: Dark Caracal spread by phishing with baited software posing as legitimate communication apps, then used permissions victims granted (Motherboard).
The GDGS may have obtained its espionage tools and infrastructure from a third party: researchers found Dark Caracal servers and malware used earlier by hackers apparently working on behalf of the Kazakh government (Threatpost). It's unknown whether Lebanon obtained the capability from Kazakhstan or vice versa, or whether both were supplied by some third party, but appearances suggest what many have long taken as given: there's a functioning international market for espionage tools and infrastructure.