Experts Discover Spyware Attacks on Catalan Politicians and Activists



At least 65 people were infected as part of a "multi-year clandestine operation" using a previously unknown zero-click exploit in Apple's iMessage.

Catalan President Artur Mas, members of the European Parliament, legislators, judges, and civil society leaders were among the victims, according to a new report from the University of Toronto's Citizen Lab. Family members may have been infected, too, according to some reports.

Pegasus infected 63 people, while Candiru infected four others, and iPhones belonging to at least two of those infected were compromised by both. According to reports, the majority of the incidents took place between 2017 and 2020.


The attacks relied on an exploit dubbed HOMAGE, which allowed attackers to gain access to iPhones and iPads running versions of the operating system older than iOS 13.2, which Apple released on October 28, 2019. It's important to note that iOS 15.4.1 is the most recent version.

Although the intrusions were not linked to a specific government or organization, the Citizen Lab suggested a link to the Spanish government because of the ongoing conflict between Spain and Catalonia.

Following a previous investigation by The Guardian and El País in July 2020, the findings reveal that the Pegasus surveillanceware was used to target Catalan pro-independence supporters through a vulnerability in WhatsApp.


Catalan targets' iPhones were hacked with Pegasus using multiple zero-click iMessage and SMS exploits, as well as the now-patched WhatsApp vulnerability (CVE-2019-3568).

According to the researchers, a WebKit instance was launched in the process as a result of a lookup for a Pegasus email address by the iMessage zero-click component of the HOMAGE exploit. "The HOMAGE exploit appears to have been used during the last months of 2019," they said.

Because the exploit was only fired on devices running iOS versions 13.1.3 and lower, it is likely that Apple closed the issue in iOS 13.2. Another exploit chain called KISMET, which was present in iOS 13.5.1, was also used.

As a result of an email-based social engineering attack, the four individuals who were infected with Candiru's spyware were tricked into opening links about COVID-19 and messages claiming to be from the Mobile World Congress (MWC), an annual trade show that takes place in Barcelona.

Both Pegasus and Candiru's spyware, which Microsoft calls DevilsTongue, are designed to gain complete control over sensitive data stored on mobile and desktop devices.

It can read texts, listen to calls, collect passwords, and track locations as well as access the target device's microphone and camera, according to researchers. "It is also possible to monitor encrypted phone calls and chats, even if they are encrypted. Even after the infection has ended, the technology can continue to have access to the cloud accounts of the victims."

An infrastructure overlap between NSO Group's Pegasus and Candiru suggests that a Spanish government customer is responsible for the hacking operations based on their timing and victimology, according to Citizen Lab.

"The case is notable because of the unrestrained nature of the hacking activities," the researchers concluded.

If the Spanish government is to blame, the case raises serious concerns about whether the country's intelligence and security agencies are properly supervised and whether authorities must adhere to a strict legal framework when engaging in hacking activities.

