iOS Zero-Click Exploits Used by Pegasus
Share this:
NSO Group, the Israeli firm known for its spyware technology, reemerged with a slew of zero-click exploit chains designed for iOS 15 and iOS 16.
These chains of exploits, targeted at iPhones and iPads, were deployed against human rights activists in Mexico and worldwide.
The report came up with the evidence linking NSO Group to a digital espionage campaign aimed at human rights organizations in Mexico.
Three exploit chains that launched Pegasus spyware attacks on groups has been mentioned below
- PWNYOURHOME
- FINDMYPWN
- LATENTIMAGE
It has come to light that two individuals dedicated to promoting and protecting human rights, employed at Centro PRODH, have fallen victim to the notorious Pegasus spyware.
Pegasus targeted Centro PRODH during important events related to human rights violations by the Mexican Army, indicating an attempt to weaken their impact.
Jorge Santiago Aguirre Espinosa, Centro PRODH’s Director, had his device infected with Pegasus. He was previously targeted in 2017 when Citizen Lab discovered Pegasus infection attempts via a text message sent to his device in 2016.
In 2022, he was infected by the FINDMYPWN exploit at least twice. His device was infected with spyware between June 22, 2022, and July 13, 2022, when the spyware was active on it.
Another member of the Centro PRODH, María Luisa Aguilar Rodríguez, who is the International Coordinator at Centro PRODH, became infected on June 23, 2022. Her device was infected twice more using the FINDMYPWN exploit, and it was active on her phone between September 24 and 29, 2022.
Researchers have refrained from disclosing additional details about Pegasus indicators to preserve their ability to identify infections.
It is recommended that users who are at risk to enable the Lockdown Mode on their Apple devices.
This research report was documented by researchers from Citizen Lab
