Apparently high-profile state-sponsored cyberattacks continue to be carried out without disturbance. According to news reports, a dangerous attack against Al Jazeera journalists was carried out using an iPhone spyware utility that has been used by an advanced hacking group. From what is known at the moment, it is suspected that the criminal group is sponsored by agencies of Saudi Arabia or the United Arab Emirates.
Al Jazeera Journalists Attacked By iPhone Spyware Are Believed to Have Been Targeted By State Agencies
A very dangerous and high-profile attack has been reported in the security community by Citizen Lab, based at the University of Toronto. Their in-depth research into the incident, which they call The Great iPwn, shows that this instance is regarded as extremely high-profile. According to the published information, the Pegasus spyware (created by the NSO Group) has been used to successfully hack devices owned by Al Jazeera staff, including journalists, producers, anchors, and even executives.
The method of infiltration is believed to be a dangerous exploit chain called KISMET that involves an invisible zero-click in the iMessage app. This was previously used in zero-day attacks against the iPhone 11 back when the smartphone was first released. Upon further investigation, the researchers found out that the journalists were hacked by four Pegasus operators from different hacking groups. One of them is believed to be affiliated with a hacking group called MONARCHY that has links to Saudi Arabia, while another operator is believed to be a part of SNEAKY KESTREL, a hacking group that is associated with the United Arab Emirates.
The consequences of these infiltrations lie within the scope and targets of the hacking attack campaign. The targets are explicitly chosen to be journalists, which is assumed to mean that this is not simply a hacking intrusion, but a deliberate hostile surveillance attack. What this means is that the attackers have an agenda against the media and are possibly trying to hijack sensitive information that is part of their work.
The Pegasus spyware is regarded as one of the most effective pieces of iPhone malware that has been used in high-profile attacks. This particular incident has also shed light on critical vulnerabilities in the popular devices sold by Apple. While they are compatible with older software versions of the iOS operating system, the hackers have been able to hijack the devices used by the journalists. This shows that updating the operating system and the associated applications is very important. It’s important to note that NSO’s software is sold to government clients and used to track criminals and terrorists; by design it is not to be used against ordinary citizens. It is possible that the hackers have obtained it by stealing it from someone who uses it.
The zero-click infection method shows that criminals are much more likely to use advanced approaches when attempting to infiltrate such targets. The term “zero-click” applies to virus infections that are done without the user’s interaction with a hacker-controlled server or payload. Several advanced network-level manipulations may have been made to contaminate the devices of the specialists with the smartphone malware.
Like the original research team, we highly recommend that iPhone users update their devices with the latest security patches to prevent possible hacking attacks. While many of the facts surrounding the intrusions are starting to get published, more in-depth information will be released as the investigation continues.