Further Pegasus spyware victims and another zero-click exploit
Overview
Threat researchers at The Citizen Lab, a Canadian investigative group, have documented another exploit, used by NSO Group’s Pegasus spyware in 2019, which has not previously been described publicly. Recent revelations have shown that the malware was used against members of the European Parliament, presidents, prime ministers and local government legislators, in addition to its previously known use against journalists, dissidents and members of civil society.
Impact
An attacker using NSO spyware could take over an iPhone by sending a text message.
Vulnerability Detection
To see the current version on iOS, go to Settings > General > About.
Affected Products
Some versions before iOS 13.2.
Containment, Mitigations & Remediations
Make sure to run the latest version of iOS to have all of the available security updates.
Indicators of Compromise
Threat Landscape
NSO Group claims that their software is only provided to government clients for the purpose of combating crime and terrorism. Reporting by The Citizen Lab and Amnesty International has shown that targets have included politicians, activists and members of civil society.
MITRE Methodologies
T1456 – Drive-by Compromise
T1477 – Exploit via Radio Interfaces
S0289 – Pegasus for iOS
Further Information
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru