
NSO Group’s Spyware Installed on iPhones of Al Jazeera Employees Using a Zero-Day Exploit

Silviu STAHIE

December 22, 2020


Security researchers from The Citizen Lab discovered that attackers deployed a zero-day against iOS 13.5.1 and likely had access to the iPhones of 36 people working at Al Jazeera.

Zero-day exploits are usually very expensive, and attackers don’t normally use them against just anyone. Such vulnerabilities appear in attacks against high-value targets for a simple reason: once they are discovered, the hardware developers try to patch the vulnerability as quickly as possible.

In the case of the Al Jazeera hack, the attackers installed NSO Group’s Pegasus spyware, a piece of kit that allows the user to remotely monitor devices. The NSO Group made a name for itself with similar attacks, including the 2019 WhatsApp breach that allowed them to infect more than 1,000 devices. Now, the company focuses more on zero-click exploits and network-based attacks, selling its “products” to governments and other interested parties.

“It is more challenging for researchers to track these zero-click attacks because targets may not notice anything suspicious on their phone,” said The Citizen Lab in their report. “Even if they do observe something like ‘weird’ call behavior, the event may be transient and not leave any traces on the device.”

This is exactly what happened with the current Pegasus infection. Al Jazeera’s Tamer Almisshal believed he was hacked and allowed security researchers to monitor his traffic.

“The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage,” the researchers said. “In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.”

In total, The Citizen Lab identified 36 infected phones belonging to Al Jazeera employees, but the infections came from four different operators: MONARCHY, SNEAKY KESTREL, CENTER-1 and CENTER-2. It’s difficult to pinpoint the operators, but the group says with medium confidence that SNEAKY KESTREL was acting on behalf of the UAE and MONARCHY on behalf of Saudi Arabia.
