
The Discovery of Pegasus Spyware in New Zero-Day Attack on iPhone

by CISOCONNECT Bureau


Pegasus spyware has recently been used by four nation-state-backed APT groups, possibly with links to countries in the Middle East. The spyware exploited a zero-day in the iMessage feature of Apple’s iPhone.

The Spyware Attack
In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. Pegasus, the spyware used by these four groups, is offered commercially by the NSO Group.

The Technicalities
The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.

Based on logs from compromised phones, it is said that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.

The IMAgent process, a built-in application that handles iMessage and FaceTime, was responsible for Pegasus’s launch routines. This suggests the possible exploitation of FaceTime or iMessage notifications or messages.

The phones were targeted via four different clusters of servers, which could be linked to up to four NSO Group operators, named Monarchy, Sneaky Kestral (or Sneaky Kestrel), Center-1, and Center-2.

Recent Attacks
Pegasus is widely used by nations around the world for its surveillance and spying capabilities. Recently, allegations were raised that WhatsApp messenger had been hacked by Pegasus, although WhatsApp denied these accusations. Earlier, a research report claimed that Pegasus is being operated and used in 45 countries.

Conclusion
The use of spyware such as Pegasus for espionage attacks shows the extent of the commercialization of malicious activities. Experts therefore suggest that organizations implement precautionary steps proactively. Smartphone users should always update their operating system to the latest version. In addition, they are advised to avoid clicking on any link from an unknown sender and to use two-factor authentication.
