Security News > 2023 > April > NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Israeli spyware maker NSO Group deployed at least three novel "Zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab.
"NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory based at the University of Toronto said.
The misuse of Pegasus prompted the U.S. government to add NSO Group to its trade blocklist in late 2021, with Apple filing a lawsuit of its own against the company for targeting its users.
In July 2022, it emerged that the spyware was used against Thai activists involved in the country's pro-democracy protests between October 2020 and November 2021 using two zero-click exploits named KISMET and FORCEDENTRY. Two of the targets of the latest campaign unearthed by Citizen Lab include human rights defenders from Centro PRODH, which represents victims of the Mexican Army's extrajudicial killings and disappearances.
The attack targeting the journalist's iPhone is also significant for the fact that the device was an iPhone 6s, which is no longer compatible with the latest iOS version, indicating threat actors' penchant for exploiting known and unknown vulnerabilities to meet their goals.
To safeguard against spyware attacks, it's recommended to apply the latest operating system updates, upgrade outdated devices to newer iPhone or iPad models, and consider enabling Lockdown Mode.
News URL
https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html