Spyware attack hits journalists, politicians via iPhone exploits; hackers used ‘QuaDream’

Meta had observed QuaDream testing its ability to exploit iOS and Android mobile devices with the intent "to exfiltrate various types of data including messages, images, video and audio files, and geolocation"

Meta had observed QuaDream testing its ability to exploit iOS and Android mobile devices with the intent
Meta had observed QuaDream testing its ability to exploit iOS and Android mobile devices with the intent "to exfiltrate various types of data including messages, images, video and audio files, and geolocation"

Hackers used QuaDream spyware to send malicious calendar invites and hack the iPhones

The fear of Pegasus-style spyware attack resurfaced after researchers at Microsoft and the digital rights group Citizen Lab identified new victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East — once again from an Israel-based spyware maker.

Hackers used QuaDream spyware to send malicious calendar invites and hack the iPhones of journalists, political opposition figures, and NGO workers.

The researchers identified traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions.

Citizen Lab said in a statement, “Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware.”

Citizen Lab of the University of Toronto’s Munk School said, “The suspected exploit, which we call ‘ENDOFDAYS‘, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims.”

Microsoft Threat Intelligence analysts named the threat group “DEV-0196” linked to Israel-based private sector offensive actor (PSOA) known as QuaDream.

QuaDream reportedly sells a platform they call REIGN to governments for law enforcement purposes. REIGN is a suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.

REIGN, like NSO Group’s Pegasus spyware, reportedly utilizes zero-click exploits to hack into target devices.

“Citizen Lab was able to identify operator locations for QuaDream systems in the following countries: Bulgaria, Czechia, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates, and Uzbekistan,” the tech giant revealed.

QuaDream has had a partnership with a Cypriot company called InReach, with whom it is currently embroiled in a legal dispute.

“Numerous key individuals associated with both companies have prior connections with another surveillance vendor, Verint, as well as Israeli intelligence agencies,” the reports mentioned.

An Apple spokesperson was quoted as saying in a TechCrunch report that “there’s no evidence showing the exploit discovered by Microsoft and Citizen Lab has been used after March 2021, when the company released an update”.

QuaDream was mentioned in a December 2022 report from Meta, which reportedly took down 250 accounts associated with the company.

According to the report, Meta observed QuaDream testing its ability to exploit iOS and Android mobile devices with the intent “to exfiltrate various types of data including messages, images, video and audio files, and geolocation”.

[With Inputs from IANS]

PGurus is now on Telegram. Click here to join our channel and stay updated with all the latest news and views

For all the latest updates, download PGurus App.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here