September 28, 2022

TheCyberThrone

Thinking Security ! Always

Pegasus targets Catalans

Citizen Lab researchers have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists.

The previously undocumented zero-click iMessage exploit HOMAGE works in attacks against iOS versions before 13.2.

Researchers identified atleast 65 individuals targeted or infected with spyware. 63 of them were targeted or infected with the  Pegasus spyware, and four others with the spyware developed by another surveillance firm named Candiru. The researchers reported that at least two of them were targeted or infected with both surveillance software.

Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations, the threat actors also targeted family members.

The researchers also noticed that the content used in the bait SMS messages suggests access to targets personal information, including the Spanish governmental ID numbers.

Advertisements

This isn’t the first time that Catalans were targeted by the NSO Group Pegasus Spyware, Citizen Lab has previously reported possible cases of domestic political espionage after detecting infections with the popular surveillance software. Multiple Catalans were targeted with Pegasus through the 2019 WhatsApp attack, at the time the spyware leveraged exploits for the CVE-2019-3568 vulnerability.

The Citizen Lab doesn’t explicitly attribute the attacks to a specific threat actor, but the nature of the targets suggests a link with Spanish authorities. All the targets were of interest to the Spanish government and experts pointed out that the specific timing of the targeting matches events of specific interest to the Spanish government.

%d bloggers like this: