Thursday, May 1, 2025
HomeCyber Security News3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware

3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware

Published on

SIEM as a Service

Follow Us on Google News

In 2022, NSO Group, the Israeli firm notorious for its spyware technology, reemerged with a slew of zero-click exploit chains designed for iOS 15 and iOS 16. 

These sophisticated chains of exploits, targeted at iPhones and iPads, were deployed against human rights activists in Mexico and worldwide.

In a recent press release, Citizen Lab published the results of its investigation into recent activities of the NSO Group.

- Advertisement - Google News

3 iOS Zero-Click Exploits

The investigative team at Citizen Lab has uncovered compelling evidence linking NSO Group to a digital espionage campaign aimed at human rights organizations in Mexico. 

Specifically, they’ve identified three exploit chains that launched Pegasus spyware attacks on groups like Centro PRODH, a legal advocacy group fighting against alleged abuses committed by the Mexican military.

Here below, we have mentioned the three iOS 15 and iOS 16 zero-click exploit chains that were used to launch Pegasus spyware:-

  • PWNYOURHOME
  • FINDMYPWN
  • LATENTIMAGE

Since then, Apple has made a HomeKit security update available with iOS 16.3.1

There has been a long history of the military and government of Mexico engaging in the following illicit activities:-

  • Grave human rights abuses
  • Extrajudicial killings
  • Disappearances

Targets

Furthermore, it has come to light that two individuals dedicated to promoting and protecting human rights, employed at Centro PRODH, have fallen victim to the notorious Pegasus spyware.

Pegasus targeted Centro PRODH during important events related to human rights violations by the Mexican Army, indicating an attempt to weaken their impact.

Jorge Santiago Aguirre Espinosa, Centro PRODH’s Director, had his device infected with Pegasus. He was previously targeted in 2017 when Citizen Lab discovered Pegasus infection attempts via a text message sent to his device in 2016.

In 2022, he was infected by the FINDMYPWN exploit at least twice. His device was infected with spyware between June 22, 2022, and July 13, 2022, when the spyware was active on it.

Mr. Aguirre’s phone was first infected on June 22, 2022, which coincided with the launch of Mexico’s truth commission on the Dirty War. The ceremony was held at a military camp witnessing many abuses.

After the ceremony, another member of the Centro PRODH, María Luisa Aguilar Rodríguez, who is the International Coordinator at Centro PRODH, became infected on June 23, 2022.

Her device was infected twice more using the FINDMYPWN exploit, and it was active on her phone between September 24 and 29, 2022.

Recommendation

Citizen Lab has refrained from disclosing additional details about Pegasus indicators to preserve their ability to identify infections. They suspect NSO Group of making concentrated efforts to avoid detection, which they continue to observe.

In October 2022 and January 2023, Citizen Lab notified Apple about their observations regarding these exploit chains.

As a recommendation, the cybersecurity researchers at Citizen Lab have urged all users who are at risk to enable the Lockdown Mode on their Apple devices.

Despite the potential for reduced usability, they believe the benefits of the feature may outweigh this cost by making it more expensive for attackers.

Building Your Malware Defense Strategy – Download Free E-Book

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...