"'CatalanGate' Spyware Infections Tied to NSO Group"

The Israel-based NSO Group used a previously unknown zero-click exploit in Apple's iMessage to plant Pegasus or Candiru malware on iPhones belonging to politicians, journalists, and activists. Citizen Lab and Catalonia-based researchers revealed this finding in a report claiming 65 people were targeted or infected with malware through an iPhone vulnerability called HOMAGE. According to the report, the NSO Group and a second firm, Candiru, were behind the campaigns, which were carried out between 2017 and 2020. Candiru, also known as Sourgum, is a commercial firm that allegedly sells surveillance malware called DevilsTongue to governments worldwide.

The Apple iMessage HOMAGE vulnerability is a zero-click vulnerability, so it does not require any interaction by victims to secretly install malware on their systems. Versions of Apple's iOS software have not been vulnerable to HOMAGE attacks since 2019. HOMAGE was also believed to have been used six times in 2019 and 2020.

The hacking spans civil society in Catalonia, including academics, activists, and Non-Governmental Organizations (NGOs). Catalonia's government and elected officials were also extensively targeted. Researchers are not conclusively attributing the attacks to a specific entity, but evidence suggests Spanish authorities were likely behind the operation. They called out Spain's National Intelligence Center (CNI) as the likely perpetrator, citing its history of surveillance and espionage scandals.

The attackers infected victims through zero-click exploits and malicious SMS messages. Zero-click exploits are difficult to combat because they do not require victims to engage in any activity. Citizen Lab alleges that victims were targeted with the Pegasus malware using the zero-click iOS exploit and a known malicious SMS message vulnerability used by the NSO Group to spread its Pegasus malware. This article continues to discuss CatalanGate spyware infections and their link to the NSO Group.

Threatpost reports "'CatalanGate' Spyware Infections Tied to NSO Group"
