Catalan politicians have reportedly been targeted by a new form of mobile security threat that attacks iOS devices.
Cybersecurity researchers at Citizen Lab discovered a new zero-click exploit (opens in new tab) in iMessage - iPhone’s native texting app. The new exploit was allegedly used to install Pegasus, known spyware from the dreaded NSO Group.
Although the team say they can’t know with absolute certainty, they believe that individuals from Spain were behind the attack, with Catalonia, a region in the north east of the country, seeks to gain its independence from the Spanish crown.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
NSO Group strikes again
NSO Group is an Israeli tech startup known for selling malware (opens in new tab) and spyware to governments around the world. It has frequently been criticized for its role in the abuse of human rights, especially against politicians, journalists and civil rights activists.
This time around, it appears Pegasus was installed on endpoints (opens in new tab) belonging to Catalan Members of the European Parliament (MEPs), every Catalan president since 2010, as well as Catalan “legislators, jurists, journalists, and members of civil society organizations and their families”.
The newly discovered zero-day has been dubbed HOMAGE, and is reportedly only found on iPhone devices running iOS 13.2 or earlier.
> Are you a target of Pegasus spyware? Get an iPhone and stay safe (opens in new tab)
> Pegasus spyware should face blanket ban, EU says (opens in new tab)
> This malware pretends to be Amnesty International protection from Pegasus (opens in new tab)
"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.
"We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1."
The researchers don’t know who’s behind the attack, but suspect individuals from the Spanish government.
"At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government, however a range of circumstantial evidence points to a strong nexus with one or more entities within Spanish government," Citizen Lab added.
- Defend your premises with the best ransomware protection services right now (opens in new tab)
Via: BleepingComputer (opens in new tab)