Pegasus-style spyware attacks target journalists, politicians

April 12, 2023

Microsoft Threat Intelligence analysts named the threat group as “DEV-0196” linked to Israel-based private sector offensive actor (PSOA) known as QuaDream….reports Asian Lite News

The fear of Pegasus-style spyware attack resurfaced on Tuesday after researchers at Microsoft and the digital rights group Citizen Lab identified new victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East — once again from an Israel-based spyware maker.

Hackers used QuaDream spyware to send malicious calendar invites and hack the iPhones of journalists, political opposition figures, and an NGO worker.

“Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware,” Citizen Lab said in a statement.

The researchers identified traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions.

“The suspected exploit, which we call ‘ENDOFDAYS’, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims,” said Citizen Lab of the University of Toronto’s Munk School.

Microsoft Threat Intelligence analysts named the threat group as “DEV-0196” linked to Israel-based private sector offensive actor (PSOA) known as QuaDream.

QuaDream reportedly sells a platform they call REIGN to governments for law enforcement purposes. REIGN is a suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.

REIGN, like NSO Group’s Pegasus spyware, reportedly utilises zero-click exploits to hack into target devices.

“Citizen Lab was able to identify operator locations for QuaDream systems in the following countries: Bulgaria, Czechia, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates, and Uzbekistan,” the tech giant revealed.

QuaDream has had a partnership with a Cypriot company called InReach, with whom it is currently embroiled in a legal dispute.

“Numerous key individuals associated with both companies have prior connections with another surveillance vendor, Verint, as well as Israeli intelligence agencies,” the reports mentioned.

An Apple spokesperson was quoted as saying in a TechCrunch report that “there’s no evidence showing the exploit discovered by Microsoft and Citizen Lab has been used after March 2021, when the company released an update”.

QuaDream was mentioned in a December 2022 report from Meta, which reportedly took down 250 accounts associated with the company.

According to the report, Meta observed QuaDream testing its ability to exploit iOS and Android mobile devices with the intent “to exfiltrate various types of data including messages, images, video and audio files, and geolocation”.

ALSO READ: Macron bats for ‘European sovereignty’

Previous Story

Erdogan launches campaign to retain power

Next Story

Mumbai thrash Capitals in last-ball thriller

Latest from -Top News

Sisi, MBZ cement ties

UAE and Egypt bolster ties through high-level talks in Abu Dhabi and a landmark cardiac care initiative delivering lifesaving treatment to rural

70,000 Gaza kids starve

WFP warned that any further escalation of conflict could paralyse relief operations altogether, deepening the plight of civilians—especially children, the elderly, and

Prayers on the Mount

The Day of Arafat, considered the pinnacle of the Hajj pilgrimage, witnessed a congregation of believers from around the world As the

EID MUBARAK!

UAE marks Eid Al Adha with housing support, children’s gifts, pardons, and cultural celebrations, reflecting a national spirit of compassion, unity, and

Don't Miss