Posted on December 22, 2020 at 6:31 PM
A Middle East cyberespionage campaign has compromised dozens of Al Jazeera journalists’ iPhones using a zero-click spyware attack.
The Citizen Lab at the University of Toronto published a report detailing how the hacking campaign was accomplished. The researchers said the personal phones of 36 journalists, executives, anchors, and producers at Al Jazeera were compromised with the Pegasus malware. The report also revealed that a journalist at London-based Al Araby TV was affected.
Pegasus was created by the NSO Group, an Israeli private intelligence firm. The malware allowed the threat actor to have access to important data stored on a mobile device without the knowledge of the victim.
The attack does not impact iOS 14
Citizen Lab researchers also revealed that the iPhones were compromised via an “invisible zero-click exploit” in iMessage, which was seen in iOS version 13.52.
But the attack does not work against iOS 14, which includes new security protections. Apple commented that it has not independently verified the report by Citizen Lab, but admitted that the NSO-developed tools are not particularly targeted at ordinary iPhone users.
The researchers said they worked with Al Jazeera to discover that the iPhones had been targeted for more than a year.
Citizen Lab pointed out that there has been an increase in the number of zero-click attacks in the industry, and users who keep sensitive details on their mobile devices are at greater risk of massive loss through these attacks.
The researchers further reiterated that tracking these zero-click attacks is more challenging since the “targets may not notice anything suspicious on their phone.”
Spyware connects to iPhone without the victim’s knowledge
Even when a target does somehow notice irregularities like “weird call behavior,” they may not find any traces on the device to stop it, the researchers concluded.
The investigation into the hack was carried out by Citizen Lab after one of the victims, Tamer Almisshal, reported that his phone may have been hacked and compromised with a malware attack.
When the researchers analyzed his phone, they discovered it had been connecting, without his knowledge, to a server believed to be used by NSO when launching the Pegasus spyware. The device’s network activity was also filled with communication sent by the spyware and delivered silently via iMessage.
The phone logs also show that the spyware is capable of secretly recording phone calls and taking photos via the phone’s camera. The spyware is also capable of tracking the phone’s location and accessing the victim’s passwords.
The NSO hacking tool was created by the Israeli firm to assist law enforcement in their efforts against terrorism.
The attack was carried out by four NSO customers
Citizen Lab also revealed that the majority of the hacks were perpetrated by no fewer than four NSO customers, including the governments of the United Arab Emirates and Saudi Arabia.
However, the spyware market is not in support of what NSO customers do with the spyware. That’s because some of the NSO customers have used the spyware in a way that is not morally and legally acceptable. For instance, it was alleged that Saudi Arabia used surveillance spyware to spy on the messages of columnist Jamal Khashoggi before he was murdered in the Saudi embassy in Turkey.
At the time, U.S. intelligence accused Crown Prince Mohammed bin Salman of the murder.
This is not the first time the NSO Group has been called out after a hack. There have been reports and lawsuits filed against the firm after previous hacks, including the alleged hack on Amazon boss Jeff Bezos.
In 2018, a Saudi dissident sued the firm, accusing it of involvement in the hack of Jamal Khashoggi’s device.
Activists and journalists from Qatar and Mexico have also sued the firm for providing hacking tools to groups involved in various hacking incidents.
The NSO Group has been largely quiet, opting to remain that way during several accusations against the firm and only making representations in court when a case is filed against it.
However, it responded to Citizen Lab’s most recent report about the firm. According to NSO, the memo doesn’t have any concrete proof or evidence against the firm, and all the contents in the report are mere assumptions and speculations.
“This memo is based, once again, on speculation and lacks any evidence supporting a connection to NSO,” an NSO spokesperson commented.