NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders

Yet another basic human rights violation, courtesy of NSO Group: Citizen Lab has the details:

Key Findings

  • We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.
  • We forensically confirmed that at least 30 individuals were infected with NSO Group’s Pegasus spyware.
  • The observed infections took place between October 2020 and November 2021.
  • The ongoing investigation was triggered by notifications sent by Apple to Thai civil society members in November 2021. Following the notification, multiple recipients made contact with civil society groups, including the Citizen Lab.

Continue reading NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders

Apple ramps up war on spyware, a growing digital scourge

An Apple representative said that the company has alerted potential victims of highly targeted mercenary spyware in 150 countries.

The post Apple ramps up war on spyware, a growing digital scourge appeared first on CyberScoop.

Continue reading Apple ramps up war on spyware, a growing digital scourge

Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents

United Arab Emirates agents loaded Pegasus spyware on the phone of journalist Jamal Khashoggi’s wife months before his death, the Washington Post first reported Tuesday. The software was discovered by Citizen Lab, which examined the device at the request of the newspaper and Khashoggi’s wife, Hanan Elatr. Agents placed the spyware on her phone after seizing her from the Dubai airport in April 2018 and interrogating her, the researchers said. During the interrogations, they seized her two Android phones. Agents typed in a web address that researchers have tied to a network used to spread the spyware. The Post first reported in July that Elatr was targeted by Pegasus spyware via text messages, but researchers couldn’t tell if the hack was successful. It’s unclear if the spyware launched by UAE agents finished installing on the phone, Citizen Lab researcher Bill Marczak told the Post. However, the new findings are the […]

The post Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents appeared first on CyberScoop.

Continue reading Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.

We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab:

We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Cytrox was reported to be part of Intellexa…

Continue reading More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit

On the same day Apple announced a lawsuit against Israeli spyware vendor NSO Group for developing hacking tools to help breach iOS technology, the company was notifying potential targets of those exploits. El Faro, a news organization in San Salvador, El Salvador, reported late Tuesday that 12 of its staff members received notices from the company, which warned that that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” The company also sent notices to four others in San Salvador who are “leaders of Civil Society organizations and opposition political parties,” the news organization reported. Notices were also sent to six Thai activists and researchers critical of the government there, Reuters reported. NSO Group develops software designed to allow access to target devices through various bugs in Apple’s technology. A company spokesperson told CyberScoop Tuesday that its […]

The post Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit appeared first on CyberScoop.

Continue reading Apple alerts journalists, activists about state-sponsored hacking attempts after NSO Group suit

Apple patches against alleged NSO Group zero-click exploit used on activists

Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers. The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said. The exploit uses a manipulated gif to crash Apple’s image rendering library. It then launches spyware that researchers say shares distinct features with NSO Group’s Pegasus spyware. Researchers have named the exploit “FORCEDENTRY.” Zero-click exploits prove especially dangerous because they don’t require users to open the malicious message or link for hackers to gain access to your phone. Researchers are urging Apple Mac, iPhone and Apple Watch users to immediately update their iOS software. The NSO Group exploit was a zero-day, or previously unknown, vulnerability. It’s […]

The post Apple patches against alleged NSO Group zero-click exploit used on activists appeared first on CyberScoop.

Continue reading Apple patches against alleged NSO Group zero-click exploit used on activists

Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab. The victims included a blogger, activist, members of political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog from from the University of Toronto, were listed on a list of individuals obtained by Amnesty International as a part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers. Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction. Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS […]

The post Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says appeared first on CyberScoop.

Continue reading Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

Apple’s new solution to combat child abuse imagery could radically shift encryption debate

Apple announced Thursday it will introduce a feature to detect child sexual abuse images being uploaded to iCloud Photos from iPhone devices in the United States. The company has framed the feature as a privacy-preserving way to combat the scourge of images of sexually explicit content involving children shared online. It’s a radical shift in approach to device privacy by Apple, which has often found itself at the forefront of the clash between tech companies and law enforcement over encrypted technologies. Security researchers and privacy experts say that the company’s decision could lead to a slippery slope of government abuse and has radically shifted the debate over encrypted technologies. “They’ve really changed the rules around what the debate around encryption is,” said Christopher Parsons, a senior research associate for Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto. Most major cloud services including […]

The post Apple’s new solution to combat child abuse imagery could radically shift encryption debate appeared first on CyberScoop.

Continue reading Apple’s new solution to combat child abuse imagery could radically shift encryption debate