Mercenary spyware hacked iPhone victims with rogue calendar invites

Share via:

Hackers using spyware created by a little-known cyber mercenary firm used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.

Microsoft researchers and the digital rights organisation Citizen Lab examined malware samples purportedly created by QuaDream, an Israeli spyware maker known for developing zero-click exploits — hacking tools that do not require the target to click on malicious links — for iPhones.

Until recently, QuaDream was mostly able to fly under the radar. The Israeli newspaper Haaretz reported in 2021 that QuaDream had sold its wares to Saudi Arabia. The following year, Reuters reported that QuaDream sold a similar iPhone hacking exploit to NSO Group, and that while the company does not operate the spyware, its government customers do — a common practise in the surveillance tech industry.

According to Citizen Lab internet scans, QuaDream’s customers operated servers in the following countries: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Microsoft stated that it discovered the original malware samples and shared them with Citizen Lab’s researchers, who were able to identify more than five victims whose iPhones were hacked, including an NGO worker, politicians, and journalists. The exploit used to hack those targets was created for iOS 14 and was unpatched and unknown to Apple at the time, making it a so-called zero-day. According to Citizen Lab, the government hackers who were equipped with QuaDream’s exploit delivered the malware via malicious calendar invites with dates in the past.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Mercenary spyware hacked iPhone victims with rogue calendar invites

Hackers using spyware created by a little-known cyber mercenary firm used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker.

Microsoft researchers and the digital rights organisation Citizen Lab examined malware samples purportedly created by QuaDream, an Israeli spyware maker known for developing zero-click exploits — hacking tools that do not require the target to click on malicious links — for iPhones.

Until recently, QuaDream was mostly able to fly under the radar. The Israeli newspaper Haaretz reported in 2021 that QuaDream had sold its wares to Saudi Arabia. The following year, Reuters reported that QuaDream sold a similar iPhone hacking exploit to NSO Group, and that while the company does not operate the spyware, its government customers do — a common practise in the surveillance tech industry.

According to Citizen Lab internet scans, QuaDream’s customers operated servers in the following countries: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan.

Microsoft stated that it discovered the original malware samples and shared them with Citizen Lab’s researchers, who were able to identify more than five victims whose iPhones were hacked, including an NGO worker, politicians, and journalists. The exploit used to hack those targets was created for iOS 14 and was unpatched and unknown to Apple at the time, making it a so-called zero-day. According to Citizen Lab, the government hackers who were equipped with QuaDream’s exploit delivered the malware via malicious calendar invites with dates in the past.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

https://pnn.digital/meds8-revolutionizing-healthcare-delivery-in-hyderabad-with-reliable-medicine-delivery-service-in-just-2-hours/

https://pnn.digital/meds8-revolutionizing-healthcare-delivery-in-hyderabad-with-reliable-medicine-delivery-service-in-just-2-hours/ Source link

Unicommerce Shares Hit Fresh All-Time Low At INR 161.05

SUMMARY Since listing on bourses in August, the stock...

Zepto’s 2024, Delivered In 10 Minutes

“We are trying yaar. I know some people...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!