In 2025, the cybersecurity world once again turned its gaze toward Italy — not for innovation, but for controversy. Memento Labs, a Milan-based surveillance software company, found itself at the center of global headlines after cybersecurity firm Kaspersky identified a powerful spyware strain known as Dante. What made the revelation particularly shocking was that Dante’s origins traced back to the infamous Hacking Team, a surveillance technology maker that collapsed after one of the most spectacular hacks in cybersecurity history.
At the heart of this controversy lies a web of digital espionage, government involvement, and the never-ending battle between privacy and control. The story of Memento Labs and its Dante spyware reveals not just a single incident but an entire ecosystem of secretive surveillance, murky alliances, and technological evolution that continues to challenge the ethics of cybersecurity worldwide.
The Evolution of Spyware: From Hacking Team to Memento Labs
To understand Memento Labs, we must go back to 2015 — the year when Hacking Team, a Milan-based company known for selling offensive cybersecurity tools to governments, was hacked. The breach exposed over 400 gigabytes of internal documents, emails, contracts, and most importantly, the source code for its spyware platform, Remote Control System (RCS).
The leak revealed that Hacking Team had sold its software to governments with questionable human rights records, including Ethiopia, Saudi Arabia, and Sudan. The fallout was catastrophic. The company became a pariah in the cybersecurity community, and within years, it faded into obscurity.
But in 2019, Paolo Lezzi, an Italian cybersecurity entrepreneur, purchased what remained of Hacking Team for just one euro, rebranding it as Memento Labs. Lezzi promised a “complete reboot,” saying the company would start fresh with a focus on lawful cybersecurity products. However, as the events of 2025 demonstrate, the shadows of the past are not easily erased.
Also Read: Secret Commands in Bluetooth Chip Pose Major Security Threat Worldwide
The Dante Spyware: Anatomy of a Digital Predator
In October 2025, researchers from Kaspersky Lab published a detailed report describing a new Windows spyware strain they dubbed Dante. This malware was capable of stealthy data exfiltration, keylogging, surveillance, and remote code execution, specifically targeting high-profile victims in Russia and Belarus.
What made Dante remarkable wasn’t just its functionality — it was its lineage. The code contained internal identifiers, including the phrase “DANTEMARKER”, linking it directly to Memento Labs.
Dante is an example of what cybersecurity professionals refer to as modular spyware — a system built from interchangeable parts that can adapt to various missions. It could record audio, capture screenshots, extract browser data, and even monitor encrypted communications by capturing input directly from endpoints.
According to experts, Dante appeared to be an evolution of older tools once used by Hacking Team. Though Lezzi denied that Dante was derived directly from RCS, he admitted that “some behaviors” may have persisted. This continuity highlights a broader challenge in the cybersecurity industry: once surveillance technology is built, it rarely disappears.
The Kaspersky Discovery: How Dante Was Exposed
Kaspersky’s discovery came after detecting a “wave” of cyberattacks in Eastern Europe, particularly targeting Russian media organizations, universities, and government offices. The malware was distributed via phishing campaigns that exploited a zero-day vulnerability in Google Chrome.
While Memento Labs denied creating the Chrome exploit itself, the attacks’ sophistication suggested a state-backed actor. Kaspersky’s team referred to the attackers as “ForumTroll”, a group known for targeting individuals linked to political and economic forums in Russia.
During forensic analysis, Kaspersky researchers found digital fingerprints in the spyware’s code — including unique strings, encryption methods, and operational infrastructure — all pointing to Memento Labs.
The researchers concluded that Dante had likely been used by one of Memento’s government clients, who had deployed an outdated version of the software that had been flagged months earlier.
Memento Labs’ Response: A Crisis in Damage Control
Following the report, Paolo Lezzi, CEO of Memento Labs, confirmed to TechCrunch that the spyware indeed originated from his company. However, he placed the blame on a government customer who had allegedly used an outdated and unsupported version of the spyware.
“Clearly, they used an agent that was already dead,” Lezzi said, referring to the spyware agent installed on the targets. He stated that Memento had already requested all clients discontinue using the Windows version of Dante by the end of 2025.
Lezzi also emphasized that Memento had since shifted its focus to mobile spyware and zero-day vulnerability sourcing, distancing itself from older Windows-based operations. However, cybersecurity experts argue that this doesn’t absolve the company of responsibility — especially given the potential for continued misuse of its older tools.
Also Read: Top 10 Cybersecurity Fundamentals: Building a Strong Digital Fortress
A Brief History of Surveillance Scandals
The Memento Labs incident revives discussions about a larger problem: the proliferation of spyware companies that operate in legal gray zones.
Over the past decade, several firms have faced intense scrutiny for selling surveillance tools to authoritarian regimes. The most infamous example remains NSO Group, the Israeli company behind Pegasus spyware, which was used to hack journalists, activists, and even heads of state.
The Dante case fits into this broader narrative of state-sponsored surveillance — where governments justify intrusive monitoring under the pretext of national security, yet often use it to suppress dissent or spy on political rivals.
Experts from the Citizen Lab at the University of Toronto argue that the cycle of surveillance tech rebirth is almost inevitable. Companies like Hacking Team may die, but their technologies — and even some of their employees — often resurface under new names.
The Business of Spyware: Legal but Lethal
Despite public outrage, surveillance software like Dante exists in a murky legal space. Many governments legally authorize “lawful interception” for national security or law enforcement. Companies like Memento Labs argue that they only sell to legitimate authorities.
However, once the software leaves the lab, controlling how it’s used becomes nearly impossible. Cybersecurity lawyers note that export control regulations are often vague and inconsistently enforced.
The result is a shadow market where digital weapons are traded across borders with limited oversight. When exposed, these tools often reveal a global web of buyers and sellers operating far beyond traditional regulation.
The Ethics of Digital Espionage
The Dante controversy reignites the question: should private companies be allowed to sell advanced spyware to governments?
Proponents argue that surveillance tools help fight terrorism, cybercrime, and child exploitation. Critics counter that such software is frequently abused to suppress free speech, monitor opposition leaders, and intimidate journalists.
What makes the debate particularly challenging is that both sides have valid points. Cybersecurity professionals point out that while law enforcement may need surveillance capabilities, unchecked access leads to catastrophic privacy violations.
The Memento Labs case demonstrates that even when a company intends to act lawfully, its tools can be misused or leaked. The line between ethical surveillance and human rights abuse is dangerously thin.
Also Read: How Can an Attacker Execute Malware Through a Script? 5 Safety Tips
The Technical Landscape: Zero-Days, Exploits, and Spyware Economics
A striking revelation in Lezzi’s interview was that Memento Labs both develops and purchases zero-day vulnerabilities — previously unknown flaws in software that hackers can exploit.
The global market for zero-days is both lucrative and secretive. Governments and intelligence agencies often pay hundreds of thousands of dollars for access to undisclosed vulnerabilities. These exploits form the backbone of spyware like Dante, enabling silent infiltration of systems without triggering antivirus alerts.
While Memento claims to source most exploits from external developers, this ecosystem fuels a dangerous incentive structure — one where finding flaws in software is more profitable than fixing them.
Global Reactions and Industry Impact
The exposure of Dante has sparked renewed calls for international spyware regulation. European lawmakers, who have previously debated export restrictions on surveillance tools, now face pressure to tighten oversight on companies like Memento Labs.
Cybersecurity firms and watchdogs such as Amnesty Tech and Citizen Lab have reiterated demands for a global framework that restricts spyware exports to governments with poor human rights records.
Industry insiders say the Dante incident could accelerate the push toward stricter cybersecurity ethics certifications and software accountability laws. For Memento Labs, the damage to reputation may be irreversible — even if the company continues to operate under tighter scrutiny.
Lessons Learned: The Future of Surveillance Technology
The rise and fall of Hacking Team, and now Memento Labs, offer valuable lessons about the lifecycle of surveillance technology.
- Surveillance tools rarely disappear. Once created, they can be copied, resold, or reverse-engineered.
- Accountability is elusive. When tools are misused, developers often blame the customers, while governments deny involvement.
- Transparency is the only defense. Without oversight, the line between national security and human rights abuse vanishes.
The Dante spyware represents a deeper truth: that technology itself is neutral, but its use reflects human intent. As cybersecurity grows more advanced, so too do the ethical dilemmas surrounding its deployment.
Conclusion: The Legacy of Dante and the Future of Cyber Ethics
The Memento Labs saga serves as both a warning and a mirror. It exposes how surveillance technologies, even when legally sold, can easily become instruments of oppression.
The discovery of Dante spyware reminds us that the cybersecurity landscape is no longer about lone hackers or isolated viruses — it’s a complex, multi-billion-dollar ecosystem where private firms, governments, and criminal actors all intersect.
As regulators race to catch up, the world must confront an uncomfortable question: are we building technologies to protect freedom or to quietly dismantle it?
Until nations establish a unified ethical framework for cyber intelligence, incidents like Dante will continue to resurface — newer, smarter, and harder to stop.
Also Read: What is Apple VT H264 Hardware Encoder OBS?
FAQs
1. What makes Dante spyware different from traditional malware?
Dante is designed for stealthy surveillance, not financial gain. It extracts sensitive data and monitors user activity without detection.
2. Did Memento Labs admit to selling spyware to authoritarian regimes?
No direct admission was made, but past affiliations with Hacking Team raise ethical concerns about client transparency.
3. How does Dante evade antivirus detection?
It uses advanced encryption, modular code injection, and exploits zero-day vulnerabilities to stay hidden from standard detection tools.
4. Is Memento Labs still developing spyware?
According to Paolo Lezzi, the company now focuses on mobile surveillance and external zero-day sourcing, not desktop spyware.
5. Can outdated spyware versions still pose a threat?
Yes. Even unsupported versions can be repurposed by attackers or leak into black markets.
6. How do cybersecurity firms identify spyware creators?
Through reverse engineering, code pattern analysis, and identifying developer signatures left in the codebase.
7. What lessons can be learned from the Memento Labs incident?
The need for global spyware regulation, ethical accountability, and stronger privacy laws.
8. How do zero-day exploits relate to spyware operations?
Zero-days allow spyware to enter systems silently, making them crucial for undetectable operations.
9. What are the risks for countries using commercial spyware?
Aside from ethical issues, they risk data leaks, espionage exposure, and international backlash.
10. Could AI make future spyware even more dangerous?
Yes. AI-powered surveillance could automate targeting and mimic human behavior, making detection far more difficult.