Catalan politicians have reportedly been targeted by a new form of mobile security threat that attacks iOS devices.
Cybersecurity researchers at Citizen Lab discovered a new zero-click exploit in iMessage - iPhone’s native texting app. The new exploit was allegedly used to install Pegasus, known spyware from the dreaded NSO Group.
Although the team say they can’t know with absolute certainty, they believe that individuals from Spain were behind the attack, with Catalonia, a region in the north east of the country, seeks to gain its independence from the Spanish crown.
NSO Group strikes again
NSO Group is an Israeli tech startup known for selling malware and spyware to governments around the world. It has frequently been criticized for its role in the abuse of human rights, especially against politicians, journalists and civil rights activists.
This time around, it appears Pegasus was installed on endpoints belonging to Catalan Members of the European Parliament (MEPs), every Catalan president since 2010, as well as Catalan “legislators, jurists, journalists, and members of civil society organizations and their families”.
The newly discovered zero-day has been dubbed HOMAGE, and is reportedly only found on iPhone devices running iOS 13.2 or earlier.
"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.
"We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1."
The researchers don’t know who’s behind the attack, but suspect individuals from the Spanish government.
"At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government, however a range of circumstantial evidence points to a strong nexus with one or more entities within Spanish government," Citizen Lab added.
Via: BleepingComputer