Further Pegasus spyware victims and another zero-click exploit

Overview

Threat researchers at The Citizen Lab, a Canadian investigative group, have documented another exploit, used by NSO Group’s Pegasus spyware in 2019, that has not previously been described publicly. Recent revelations have shown that the malware was used against members of the European Parliament, presidents, prime ministers and local government legislators, in addition to its previously known use against journalists, dissidents and members of civil society.

Impact

An attacker using NSO spyware could take over an iPhone by sending a text message.

Vulnerability Detection

To see the current iOS version on a device, go to Settings > General > About.

Affected Products

Some versions before iOS 13.2.

Containment, Mitigations & Remediations

Make sure to run the latest version of iOS to have all of the available security updates.

Indicators of Compromise

Threat Landscape

NSO Group claims that their software is only provided to government clients for the purpose of combating crime and terrorism. Reporting by The Citizen Lab and Amnesty International has shown that targets have included politicians, activists and members of civil society.

MITRE Methodologies

T1456 – Drive-by Compromise

T1477 – Exploit via Radio Interfaces

S0289 – Pegasus for iOS

Further Information

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru

UK Government Officials Infected with Pegasus