Hackers equipped with spyware made by a little-known cyber mercenary firm used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.
Microsoft researchers and the digital rights organisation Citizen Lab examined malware samples purportedly created by QuaDream, an Israeli spyware maker known for developing zero-click exploits — hacking tools that do not require the target to click on malicious links — for iPhones.
Until recently, QuaDream was mostly able to fly under the radar. The Israeli newspaper Haaretz reported in 2021 that QuaDream had sold its wares to Saudi Arabia. The following year, Reuters reported that QuaDream sold a similar iPhone hacking exploit to NSO Group, and that while the company does not operate the spyware, its government customers do — a common practice in the surveillance tech industry.
According to Citizen Lab’s internet scans, QuaDream’s customers operated servers in the following countries: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.
Microsoft stated that it discovered the original malware samples and shared them with Citizen Lab’s researchers, who were able to identify more than five victims whose iPhones were hacked, including an NGO worker, politicians, and journalists. The exploit used to hack those targets was created for iOS 14 and was unpatched and unknown to Apple at the time, making it a so-called zero-day. According to Citizen Lab, the government hackers who were equipped with QuaDream’s exploit delivered the malware via malicious calendar invites with dates in the past.