Security News > 2022 > April > Experts Uncover Spyware Attacks Against Catalan Politicians and Activists
A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "Multi-year clandestine operation."
The attacks involved the weaponization of an iOS exploit dubbed HOMAGE that made it possible to penetrate the devices running versions prior to iOS 13.2, which was released on October 28, 2019.
The findings build on a prior report from The Guardian and El País in July 2020 that revealed a case of domestic political espionage aimed at Catalan pro-independence supporters using a vulnerability in WhatsApp to deliver the Pegasus surveillanceware.
Besides relying on the now-patched WhatsApp vulnerability, the attacks made use of multiple zero-click iMessage exploits and malicious SMS messages to hack Catalan targets' iPhones with Pegasus over a three year period.
The issue is likely believed to have been closed by Apple in version iOS 13.2, as the exploit was observed as being fired only against devices running iOS versions 13.1.3 and lower.
The links to NSO Group's Pegasus and Candiru stem from infrastructure overlaps, with the hacking operations likely the work of a customer with ties to the Spanish government owing to the timing of the attacks and the victimology patterns, the Citizen Lab said.
News URL
https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html
Related news
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)