Monday, July 15, 2024

Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

New research reveals that Israel based NSO Group using powerful mobile based Pegasus Spyware to conducting massive surveillance in 45 countries across the globe.

NSO Group is operating from Israel where they produce and sells a mobile phone spyware named as Pegasus to governments and private entities to perform massive Surveillance operation in order to gain sensitive information from the targeted victims.

Pegasus spyware previous operation launched against UAE activist Ahmed Mansoor in Aug 2016 which contains a Zero-day exploit for the Apple iPhone along with Spyware that targets his iPhone 6 to spying his Phone activities.

NSO Group basically operating as a “cyber war” company that sells Pegasus spyware to government agencies and private firms as a “lawful intercept” software.

Researchers believe that at least 10 Pegasus operators appear to be actively engaged behind this Surveillance operation across the 45 countries.

Pegasus spyware is one of the most sophisticated and powerful spyware that perform various malicious activities in both android and iPhone such as stealing private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

As of now, researchers discovered 36 distinct Pegasus systems and each one perhaps run by a separate operator and they suspect the Pegasus infections associated with 33 of the 36 Pegasus operators and they Surveillance 45 Following Countries.

Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia

Pegasus Spyware Surveillance Operation

Researchers developed a new technique called Athena found 1,091 IP addresses matched with the fingerprint and 1,014 domain names are pointed to the  NSO Group.

Later on, the countries that are under Surveillance was identified by conducting a global DNS Cache Probing study on the matching domain names which helps to find in which countries each operator was spying.

According to citizen lab research, To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission.

After the successful exploitation of the phone, it starts communicating with the operator via command & controls sever in order to receive further operation command.

Communication is established to the Pegasus spyware via HTTPS request and it requires operators to register and maintain domain names.

Domain names that used to exploit links mimic as mobile providers, online services, banks, and government services

An operator may have several domain names that they use in exploit links they send, and also have several domain names they use for C&C. The domain names often resolve to cloud-based virtual private servers (we call these front-end servers) rented either by NSO Group or the operator. Researchers said.

NSO Group Denied

In this case, NSO Group Denied the citizen lab findings and said, “There are multiple problems with Citizen Lab’s latest report. Most significantly, the list of countries  in which NSO is alleged to operate is simply inaccurate.”

“NSO does not operate in many of the countries listed. The product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside of approved countries”

Also Read:

Spyware Company Got Hacked – Attackers Stole Login Credentials, Audio Recordings, Pictures, and Text Messages

Sophisticated Spyware Attack on Military Mobile Devices to Record Phone Calls & Take a Picture


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles