
‘CatalanGate’ Spyware Infections Tied to NSO Group
2022-04-19 16:04

An unknown zero-click exploit in Apple's iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists.

Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday that claims 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts that the controversial Israeli firm NSO Group and a second firm, Candiru, were behind the campaigns, which took place between 2017 and 2020.

Citizen Lab alleges victims were targeted with the Pegasus malware using the zero-click iOS exploit and a known malicious SMS message vulnerability, circa 2015, used by the NSO Group to spread its Pegasus malware.

In December 2020, Citizen Lab said phones of 36 journalists were infected with KISMET by four separate APTs, possibly linked to Saudi Arabia or the UAE. The WhatsApp buffer overflow bug, exploited by the NSO Group in the CatalanGate attacks, had previously been reported by Citizen Lab in 2019 and was patched in May of 2019.

At the time, the Financial Times reported that a "private company" believed to be the NSO Group created the zero-day attack to sell to its customers.

In August 2021, Citizen Lab reported a never-before-seen, zero-click iMessaging exploit had been used to illegally spy on Bahraini activists with NSO Group's Pegasus spyware.


News URL

https://threatpost.com/catalangate-spyware/179336/