A zero-day exploit in Apple’s iPhone enabled cyber criminals to hack into mobile devices belonging to 36 international journalists. The attacks were carried out in July and August of 2020. All 36 phones were infected with the NSO Group’s Pegasus spyware.
The NSO Group asserts that it produces mobile spyware for the purpose of fighting crime and terror. The company denies any affiliation with nefarious government uses of its tools. However, external experts have previously suggested that its tools have been used for repressive purposes.
The attack perpetrators are believed to belong to a variety of APTs.
What else do we know about this zero-day exploit?
Researchers report that the hack weaponized an exploit chain called KISMET, which seemingly includes an invisible zero-click exploit in iMessage.
In 2019, a form of KISMET was used in an attempt to infiltrate the phones of this same group of individuals, along with the phone of an unaffiliated journalist.
Cyber security researchers believe that the infections observed in these circumstances only represent a small portion of the entire barrage of attacks that take advantage of this exploit.
iOS 14 and above are “immune” to this infection, as they have upgraded security features. For its part, Apple reports that it is investigating this exploit further.
The sophisticated spyware involved
Once upon a time, spyware capabilities were relatively simple and limited. Not so any longer. Pegasus spyware can record ambient sounds around phones and encrypted phone calls, take pictures, track users’ GPS locations and more.