Despite the recent US government directive, an executive order issued by the Biden administration in March 2023, to curb the use of commercial spyware, entities across the world are still employing it for targeted surveillance and espionage. A recent DarkReading article notes that “Campaigns that wielded NSO Group’s Pegasus against high-risk users over a six-month period continue to demonstrate growing sophistication and the relentless nature of spyware actors.” The article references work by JAMF Threat Labs, which investigated multiple mobile devices belonging to different individuals and organisations and found device-specific indicators of compromise (IOCs) and evidence of active spyware campaigns.
In a similar vein, in early April 2023 researchers at the Citizen Lab at the University of Toronto’s Munk School reported that new spyware made by an Israeli company called QuaDream infected some victims’ phones via an iCloud calendar invitation sent by the spyware’s operators, who are likely to be government clients. Victims were not notified of the invitations because they were for events dated in the past, so iOS raised no alert and the entries were effectively invisible to the targets. Such attacks are known as “zero-click” because the user does not have to open a malicious link or take any other action in order to be infected.
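The mechanism described above, an invitation whose event date lies well before the time the invitation itself was generated, is something a responder can look for in an exported calendar. The following triage script is an added example, not code from the original article, from Citizen Lab or from any vendor. It parses RFC 5545 iCalendar (.ics) text, unfolds continuation lines, and flags VEVENTs whose DTSTART precedes DTSTAMP by at least a threshold and whose ORGANIZER is not on an allow-list. The sample calendar, the organizer addresses and the one-day threshold are constructed for illustration; a backdated invite is a heuristic worth a closer look, not by itself proof of compromise, since people do occasionally log past meetings.

```python
"""Triage heuristic: flag backdated calendar invitations in an .ics export.

Added example, not code from the article or any vendor. The sample calendar,
organizer addresses and threshold below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class CalendarEvent:
    uid: str
    organizer: str      # raw ORGANIZER value, e.g. "mailto:someone@example.org"
    dtstamp: datetime   # when the invitation object was created/sent
    dtstart: datetime   # when the event is scheduled to start


def _parse_ics_datetime(value: str) -> datetime:
    """Parse the common iCalendar date/time forms into an aware UTC datetime.

    Floating (no 'Z') times are treated as UTC for comparison purposes; that
    is a simplification adequate for a backdating check measured in days.
    """
    value = value.strip()
    if len(value) == 8:                       # VALUE=DATE form: 20230401
        parsed = datetime.strptime(value, "%Y%m%d")
    elif value.endswith("Z"):                 # UTC form: 20230401T120000Z
        parsed = datetime.strptime(value, "%Y%m%dT%H%M%SZ")
    else:                                     # floating/local form
        parsed = datetime.strptime(value, "%Y%m%dT%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def parse_ics(text: str) -> List[CalendarEvent]:
    """Extract VEVENT blocks from iCalendar text (RFC 5545 line folding handled)."""
    lines: List[str] = []
    for raw in text.splitlines():
        # A line starting with space or tab continues the previous line.
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    events: List[CalendarEvent] = []
    current: Optional[Dict[str, str]] = None
    for line in lines:
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(CalendarEvent(
                uid=current.get("UID", ""),
                organizer=current.get("ORGANIZER", ""),
                dtstamp=_parse_ics_datetime(current["DTSTAMP"]),
                dtstart=_parse_ics_datetime(current["DTSTART"]),
            ))
            current = None
        elif current is not None and ":" in line:
            # "NAME;PARAM=x:value" -> keep NAME, drop property parameters
            name_part, value = line.split(":", 1)
            current[name_part.split(";", 1)[0].upper()] = value
    return events


def flag_backdated_invites(
    events: List[CalendarEvent],
    known_organizers: Set[str],
    min_backdate: timedelta = timedelta(days=1),
) -> List[Tuple[str, str, int]]:
    """Return (uid, organizer, days_backdated) for invites that look suspicious.

    An invitation created long after the event it describes has already
    ended, from an organizer the user does not know, is the pattern the
    article describes and is worth manual review.
    """
    findings: List[Tuple[str, str, int]] = []
    for ev in events:
        organizer = ev.organizer.strip().lower()
        if organizer.startswith("mailto:"):
            organizer = organizer[len("mailto:"):]
        backdated_by = ev.dtstamp - ev.dtstart
        if backdated_by >= min_backdate and organizer not in known_organizers:
            findings.append((ev.uid, organizer, backdated_by.days))
    return findings


# Constructed sample export: one ordinary future meeting and one invitation
# stamped in April 2023 for an event dated January 2022 from an unknown sender.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:normal-1
DTSTAMP:20230405T090000Z
DTSTART:20230412T100000Z
ORGANIZER;CN=Colleague:mailto:colleague@example.org
SUMMARY:Weekly sync
END:VEVENT
BEGIN:VEVENT
UID:suspicious-1
DTSTAMP:20230405T091500Z
DTSTART:20220110T080000Z
ORGANIZER;CN=Unknown:mailto:
 invite@invites.example.net
SUMMARY:Reminder
END:VEVENT
END:VCALENDAR
"""

if __name__ == "__main__":
    for uid, who, days in flag_backdated_invites(parse_ics(SAMPLE_ICS),
                                                 {"colleague@example.org"}):
        print(f"review {uid}: organizer={who} backdated by {days} days")
```

Run it against a calendar exported from the device under review; anything it prints deserves the organizer address, the raw invite and the surrounding timeline to be pulled into the case notes rather than treated as a verdict on its own.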
But even the infamous Pegasus has not gone away. As Citizen Lab reported on 18 April 2023, its maker, NSO Group, was back in 2022 with at least three new iOS 15 and iOS 16 zero-click exploit chains, which were used against human rights defenders in Mexico and elsewhere across the world.