Saturday, January 18, 2025
HomeAndroidHackers using Android & iOS Spyware "Pegasus" to Conducting Massive Surveillance...

Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

Published on

SIEM as a Service

Follow Us on Google News

New research reveals that Israel based NSO Group using powerful mobile based Pegasus Spyware to conducting massive surveillance in 45 countries across the globe.

NSO Group is operating from Israel where they produce and sells a mobile phone spyware named as Pegasus to governments and private entities to perform massive Surveillance operation in order to gain sensitive information from the targeted victims.

Pegasus spyware previous operation launched against UAE activist Ahmed Mansoor in Aug 2016 which contains a Zero-day exploit for the Apple iPhone along with Spyware that targets his iPhone 6 to spying his Phone activities.

NSO Group basically operating as a “cyber war” company that sells Pegasus spyware to government agencies and private firms as a “lawful intercept” software.

Researchers believe that at least 10 Pegasus operators appear to be actively engaged behind this Surveillance operation across the 45 countries.

Pegasus spyware is one of the most sophisticated and powerful spyware that perform various malicious activities in both android and iPhone such as stealing private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

As of now, researchers discovered 36 distinct Pegasus systems and each one perhaps run by a separate operator and they suspect the Pegasus infections associated with 33 of the 36 Pegasus operators and they Surveillance 45 Following Countries.

Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia

Pegasus Spyware Surveillance Operation

Researchers developed a new technique called Athena found 1,091 IP addresses matched with the fingerprint and 1,014 domain names are pointed to the  NSO Group.

Later on, the countries that are under Surveillance was identified by conducting a global DNS Cache Probing study on the matching domain names which helps to find in which countries each operator was spying.

According to citizen lab research, To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission.

After the successful exploitation of the phone, it starts communicating with the operator via command & controls sever in order to receive further operation command.

Communication is established to the Pegasus spyware via HTTPS request and it requires operators to register and maintain domain names.

Domain names that used to exploit links mimic as mobile providers, online services, banks, and government services

An operator may have several domain names that they use in exploit links they send, and also have several domain names they use for C&C. The domain names often resolve to cloud-based virtual private servers (we call these front-end servers) rented either by NSO Group or the operator. Researchers said.

NSO Group Denied

In this case, NSO Group Denied the citizen lab findings and said, “There are multiple problems with Citizen Lab’s latest report. Most significantly, the list of countries  in which NSO is alleged to operate is simply inaccurate.”

“NSO does not operate in many of the countries listed. The product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside of approved countries”

Also Read:

Spyware Company Got Hacked – Attackers Stole Login Credentials, Audio Recordings, Pictures, and Text Messages

Sophisticated Spyware Attack on Military Mobile Devices to Record Phone Calls & Take a Picture

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...

Thousands of PHP-based Web Applications Exploited to Deploy Malware

A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web...