A new iMessage exploit used to install NSO Group

INTRODUCTION

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations. Family members were also infected in some cases.
We identified evidence of HOMAGE, a previously undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
We shared a selection of Pegasus cases with Amnesty International’s Tech Lab, which independently validated our forensic methodology.
 

FINDINGS

Catalans Targeted with Pegasus
With the targets’ consent, we obtained forensic artefacts from their devices that we examined for evidence of Pegasus infections. Our forensic analysis enables us to conclude with high confidence that, of the 63 people targeted with Pegasus, at least 51 individuals were infected.
Almost all the incidents occurred between 2017 and 2020, although we found an instance of targeting in 2015. All targets publicly named in this report consented to be identified as such.


In addition to the forensic confirmations, we identified additional cases of Catalans targeted by Pegasus infection attempts, but where we were unable to forensically validate an infection. This was due to multiple reasons, ranging from changed or discarded devices to the limitations of our forensic tooling.
Spain has a high Android prevalence over iOS (~80% Android in 2021). Anecdotally, this is somewhat reflected in the individuals we contacted. Because our forensic tools for detecting Pegasus are much more developed for iOS devices, we believe that this report heavily undercounts the number of individuals likely targeted and infected with Pegasus because they had Android devices.
Target: Members of the European Parliament
Every Catalan Member of the European Parliament (MEP) who supported independence was targeted, either directly with Pegasus or via suspected relational targeting. Three MEPs were directly infected; two more had staff, family members, or close associates targeted with Pegasus.
SMS-Based Targeting


Many victims were targeted using SMS-based attacks, and we have collected more than 200 such messages. These attacks involved operators sending text messages containing malicious links designed to trick targets into clicking. In this approach, once a victim clicks on a link, the device is infected via a Pegasus exploit server.
Sophistication and personalization of the messages varied across attempts, but they reflect an often-detailed understanding of the target’s habits, interests, activities, and concerns. In many cases, either the timing or the contents of the text were highly customized to the targets and indicated the likely use of other forms of surveillance.
Many messages masqueraded as Twitter or news updates, typically focused on topics of interest to the target.

News organizations impersonated included international outlets such as The Guardian, Financial Times, and Die Welt, English language media like the Columbia Journalism Review, as well as regional media like La Vanguardia, Europa Press, El Temps, El Confidencial, and so on.

CONCLUSION

This report details extensive surveillance directed against Catalan civil society and government using mercenary spyware. According to NSO Group, Pegasus is sold exclusively to governments, and finding such an operation inevitably implicates a government. While we do not currently attribute this operation to specific governmental entities, circumstantial evidence suggests a strong nexus with the government of Spain, including the nature of the victims and targets, the timing, and the fact that Spain is reported to be a government client of NSO Group.
Call for an Investigation
The seriousness of the case clearly warrants an official inquiry to determine the responsible party, how the hacking was authorized, what legal framework governed the hacking and what judicial oversight applied, the true scale of the operation, the uses to which the hacked material was put, and how hacked data was handled, including to whom it may have been provided.


  Posted by: @ESPYER.
