Cyberweapons Manufacturer QuaDream Shuts Down

2023-04-25 10:09

Following a report on its activities, the Israeli spyware company QuaDream has shut down.

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream's spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream's spyware.

The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions.

The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware's operator to victims.

We performed Internet scanning to identify QuaDream servers, and in some cases were able to identify operator locations for QuaDream systems.

News URL

https://www.schneier.com/blog/archives/2023/04/cyberweapons-manufacturer-quadream-shuts-down.html