Our digital forensics investigations focus on Internet censorship, targeted malware, disinformation campaigns, election fraud,  digital attacks against media sites, and other digital threats against a free and open Internet.

We collaborate with independent media and investigative journalists to validate and enrich their stories with digital forensics. Qurium also assists with media dissemination so that the stories reaches a wider public beyond local media. Several of our media partners have been awarded for their work in investigative journalism:

  1. Kloop Media, Kyrgyzstan, Global Investigative Journalism Network (Best Investigative Stories from the Former Soviet Union — 2017)
  2., Azerbaijan, Guardian Journalism Award winner (2014)
  3. Premium Times Nigeria, Nigeria, Pulitzer Prize, as a part of the Panama Papers Investigation (2017)

This page includes all forensic reports that have been released to the public.  For full reports including media coverage, please see respective country page.


[December 2019] Investigative reporting from Etilaat Rooz under ddos


[March, 2020] Targeted sophisticated phishing attacks against dissidents in Azerbaijan is trending
[February, 2020] Finding “man”, the phisher of journalists in Azerbaijan
[January, 2020] Fishing fishers in Azerbaijan
[December, 2019] Find Face and Internet blocking in Azerbaijan
[October 2019] Fineproxy used to launch DDoS attack against site critical of Azerbaijani state oil company’s leader
[July 2019] DDOS: the inconvenient business visitor of
[April 2019] Media websites from Azerbaijan under DDOS
[January 2019] SUS-759: Sandvine and Internet blocking in Azerbaijan
[January 2019] Political motivated attacks against
[August 2018] Azerbaijan and the fineproxy DIY DDOS service (Region40/QualityNetwork)
[April 2018] Corruption, censorship and deep packet inspection
[January 2018] Digital attacks against media reporting on SOCAR
[April 2017] Deep Packet Inspection and Internet censorship in Azerbaijan
[March 2017] News media websites attacked from Governmental Infrastructure in Azerbaijan
[December 2016] How Azerbaijan is trying to block main opposition media news


[November 2019] Kontacto and Translife
[October 2019] Kontacto – an insecure mobile app to track voters in Colombia
[October 2019] Kontacto’s lack of security exposed data from 55.000 people
[November 2019] Fake news and the Kontacto troll army


[June 2020] Internet blocking in Cuba – “Silencing dissents in the name of moral and good manners”

Congo (DRC)

[Jan 2019] Democratic Republic of Congo shutdowns the Internet after Elections


El Salvador

[March 2020] DDoS attacks against Salvadoran “Revista Factum” in El Salvador attributed to University infrastructure 


[May 2017] #MacronGate, tracing the source of the Macron offshore papers
[May 2017] The disturbing role of social media during the Champs-Elysées attack


[February 2018] PART 3: Fake mobile apps in Iran, Fraud, Phishing and Users at risk
[February 2018]  PART 2: Fake mobile apps in Iran, – when spyware and click fraud can put millions of unaware users at risk
[January 2018] PART 1: Tracking Mobile Spyware during the Telegram blocking in Iran


[March 2018] Internet blocking in Jordan


[September 2019] Collateral blocking in Kazakhstan traced back to illegal prostitution ring
[July 2019] Kazakhstan impose users to install government controlled certificate – FAQ


[December 2019] Fake newspaper announces the involvement of journalists of Radio Liberty in the killing of Saimaitu Airken
[November 2019] Kloop and OCCRP’s report “Public land, private hands” under DDoS
[December 2017] Infocom unprovisions the Samara technical setup days before the Press Conference
[December 2017] Samara press conference
[November 2017]  SRS caught in denial

[Oct – Dec 2017] Elections in Kyrgyzstan 2017, Exposing Samara, a fraudulent voter management system



[January 2017] Unrest in Myanmar


[March 2020] Cyberattack against Premium Times Nigeria attributed to “student” at the Federal University of Technology, Akure


[May 2020] Attacks against websites in the Philippines during Covid-19
[Apr 2019] What is hosted at the Suniway network?
[March 2019] Attributing the attacks against media and human rights websites in the Philippines
[January 2019] Alternative news agency from Philippines “Bulatlat” under denial of service attack

South Sudan


[October, 2018] One year after denial of service against
[October, 2017] Evidence of Internet Censorship during Catalonia’s Independence Referendum
[October, 2017] Blocking techniques Catalunya



[September 2019] Turkmenistan blocks Google’s cloud storage
[July 2019] Turkmenistan and their Golden DPI



[July 2018] DDOS against and
[June 2018] DNS tampering in Vietnam


[August 2018] The cyber attack against the Zimbabwe Electoral Commission