NSO Group’s Spyware Installed on iPhones of Al Jazeera Employees Using a Zero-Day Exploit

Silviu STAHIE

December 22, 2020

Security researchers from The Citizen Lab discovered that attackers deployed a zero-day against iOS 13.5.1 and likely had access to the iPhones of 36 people working at Al Jazeera.

Zero-day exploits are usually very expensive, and attackers don’t normally use them against just anyone. Such vulnerabilities appear in attacks against high-value targets for a simple reason: once they are discovered, the hardware developers try to close the exploit as quickly as possible.

In the case of the Al Jazeera hack, the attackers installed NSO Group’s Pegasus spyware, a piece of kit that allows the user to remotely monitor devices. The NSO Group made a name for itself with similar attacks, including the 2019 WhatsApp breach that allowed them to infect more than 1,000 devices. Now, the company focuses more on zero-click exploits and network-based attacks, selling its “products” to governments and other interested parties.

“It is more challenging for researchers to track these zero-click attacks because targets may not notice anything suspicious on their phone,” said The Citizen Lab in their report. “Even if they do observe something like ‘weird’ call behavior, the event may be transient and not leave any traces on the device.”

This is exactly what happened with the current Pegasus infection. Al Jazeera’s Tamer Almisshal believed he was hacked and allowed security researchers to monitor his traffic.

“The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage,” the researchers said. “In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.”

In total, The Citizen Lab identified 36 infected phones belonging to Al Jazeera employees, but the infections came from four different operators: MONARCHY, SNEAKY KESTREL, CENTER-1 and CENTER-2. It’s difficult to pinpoint the operators, but the group says with medium confidence that SNEAKY KESTREL was acting on behalf of the UAE and MONARCHY on behalf of Saudi Arabia.
