NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits

  /     /     /  
Publicated : 23/11/2024   Category : security


NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits


An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets.



Israeli spyware firm NSO Group is back with at least three new iOS 15 and iOS 16 zero-click exploit chains, which were used against human rights activists in Mexico and elsewhere across the world in 2022.
The Citizen Lab, an interdisciplinary research organization in Toronto focused on communications technologies, human rights, and global security, recently released the results of its
investigation into NSO Groups
recent activities.
The Citizen Lab team reported finding evidence that NSO Group was hired to use the exploit chains (known as PWNYOURHOME, FINDMYPWN, and LATENTIMAGE) to deploy
Pegasus spyware
against human rights groups in Mexico, including Centro PRODH, which represents families accusing the countrys military of abuses.
Our ensuing investigation led us to conclude that, in 2022, NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world, Citizen Labs report said.
Apple has since issued a HomeKit security update in iOS.16.3.1, the The Citizen Lab added.
Citizen Lab recommends high-risk users use the iOS 16 feature known as
Lockdown Mode.
With Lockdown Mode engaged, targets of PWNYOURHOME exploit chain were provided with real-time alerts.
Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled, Citizen Lab said.
The revelations come on the heels of Citizen Lab and Microsoft 
outing another Israel-based spyware organization
, dubbed QuaDream, which was offering cyber espionage tools and services to international governments to monitor and spy on private individuals. Shortly after the expose, QuaDream said it was closing up shop.

Last News

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits