Pegasus spyware was recently used by four nation-state-backed APT groups, possibly linked to countries in the Middle East. The spyware exploited a zero-day in the iMessage feature of Apple’s iPhone.
What has happened?
- The attacks were carried out in July and August and compromised the personal phones of 36 journalists working for Al Jazeera. The spyware used by these four groups, Pegasus, is sold commercially by the NSO Group.
- The compromised phones were attacked by using an exploit chain known as KISMET that involves an invisible zero-click exploit in iMessage. This exploit was discovered in July.
- The IMAgent process, a built-in component that handles iMessage and FaceTime, was responsible for launching Pegasus. This suggests that FaceTime or iMessage notifications or messages were exploited.
- The phones were targeted via four different clusters of servers, which could be linked to up to four NSO Group operators, named Monarchy, Sneaky Kestral (or Sneaky Kestrel), Center-1, and Center-2.
- Pegasus is widely used by nations around the world for its surveillance and spying capabilities.
- Recently, allegations were raised that the WhatsApp messenger had been hacked by Pegasus, although WhatsApp denied these accusations.
- Earlier, a research report claimed that Pegasus was being operated and used in 45 countries.
The use of spyware such as Pegasus for espionage attacks shows the extent to which malicious activity has been commercialized. Experts therefore advise organizations to implement precautionary steps proactively. Smartphone users should always update their operating system to the latest version. In addition, they are advised to avoid clicking on any link from an unknown sender and to use two-factor authentication.