Mercenary spyware hacked iPhone victims with rogue calendar invites

Share via:

Hackers using spyware created by a little-known cyber mercenary firm used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.

Microsoft researchers and the digital rights organisation Citizen Lab examined malware samples purportedly created by QuaDream, an Israeli spyware maker known for developing zero-click exploits — hacking tools that do not require the target to click on malicious links — for iPhones.

Until recently, QuaDream was mostly able to fly under the radar. The Israeli newspaper Haaretz reported in 2021 that QuaDream had sold its wares to Saudi Arabia. The following year, Reuters reported that QuaDream sold a similar iPhone hacking exploit to NSO Group, and that while the company does not operate the spyware, its government customers do — a common practise in the surveillance tech industry.

According to Citizen Lab internet scans, QuaDream’s customers operated servers in the following countries: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Microsoft stated that it discovered the original malware samples and shared them with Citizen Lab’s researchers, who were able to identify more than five victims whose iPhones were hacked, including an NGO worker, politicians, and journalists. The exploit used to hack those targets was created for iOS 14 and was unpatched and unknown to Apple at the time, making it a so-called zero-day. According to Citizen Lab, the government hackers who were equipped with QuaDream’s exploit delivered the malware via malicious calendar invites with dates in the past.

Sreejit Kumar
Sreejit Kumar
Hi, I'm Sreejit Kumar, a journalist with a Master's degree in Journalism. Through my education and professional experience, I have developed a keen eye for detail and a passion for uncovering the truth. As an author for this news website, I am committed to delivering accurate, timely, and engaging stories that inform and entertain our readers.

Popular

More Like this

Mercenary spyware hacked iPhone victims with rogue calendar invites

Hackers using spyware created by a little-known cyber mercenary firm used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.

Microsoft researchers and the digital rights organisation Citizen Lab examined malware samples purportedly created by QuaDream, an Israeli spyware maker known for developing zero-click exploits — hacking tools that do not require the target to click on malicious links — for iPhones.

Until recently, QuaDream was mostly able to fly under the radar. The Israeli newspaper Haaretz reported in 2021 that QuaDream had sold its wares to Saudi Arabia. The following year, Reuters reported that QuaDream sold a similar iPhone hacking exploit to NSO Group, and that while the company does not operate the spyware, its government customers do — a common practise in the surveillance tech industry.

According to Citizen Lab internet scans, QuaDream’s customers operated servers in the following countries: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Microsoft stated that it discovered the original malware samples and shared them with Citizen Lab’s researchers, who were able to identify more than five victims whose iPhones were hacked, including an NGO worker, politicians, and journalists. The exploit used to hack those targets was created for iOS 14 and was unpatched and unknown to Apple at the time, making it a so-called zero-day. According to Citizen Lab, the government hackers who were equipped with QuaDream’s exploit delivered the malware via malicious calendar invites with dates in the past.

Disclaimer

At StartupNews.fyi we strive to uphold the highest ethical standards in all of our reporting and coverage. We want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Sreejit Kumar
Sreejit Kumar
Hi, I'm Sreejit Kumar, a journalist with a Master's degree in Journalism. Through my education and professional experience, I have developed a keen eye for detail and a passion for uncovering the truth. As an author for this news website, I am committed to delivering accurate, timely, and engaging stories that inform and entertain our readers.

More like this

Elon Musk’s Starlink and Amazon enter satellite spectrum battle...

Elon Musk's Starlink and Amazon, led by Jeff Bezos,...

Kenyan court rules Meta as primary employer in content...

A Kenyan court has handed down a ruling stating...

Apple expands presence in India with plans for more...

Apple, the renowned technology company, is set to further...

Popular

Upcoming Events

Startup Bootcamp - Entrepreneurship Alchemy | May 18 - July 6

Transforming Ideas into Gold: Learn The Entrepreneurship Alchemy"

The Startup Mixer - Bengaluru | June 04

Pushstart presents The Startup Mixer, which is coming to Bengaluru on 4th June (Sunday).

The Startup Mixer - Mumbai | June 04

Pushstart presents The Startup Mixer, which is coming to Mumbai on 4th June (Sunday).

CoinDCX Lucknow Chapter - The Power of Web3 Communities | June 03

With the rapid growth of Web3 technologies, such as blockchain and crypto, it has...

Startup Information that matters. Get in your inbox Daily!

325th Startup Meetup @ Delhi 3rd June - Sold Out