Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections

[silversurfer]

Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company’s controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits — including a zero-click zero-day in iOS.
 
A consortium of journalists leveled the allegations in a report called Pegasus Project, which was published Sunday. It examined leaked data from the NSO Group, which revealed a cache of more than 50,000 mobile phone numbers worldwide that the firm was storing, according to the report published by the Guardian newspaper.
 
The report accuses NSO Group of selling its spy tool, Pegasus, to unidentified third-parties, including governments, who then use it to infect the phones of dissidents and other people who may be critical of a given regime. The malware can secretly take remote control of the phone to monitor activity, enabling “customers” to even read encrypted messages of their targets sent via Signal and Telegram.
 
“The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016,” according to the Guardian report.
The Guardian, along with 16 additional media organizations, concluded that the NSO Group’s Pegasus malware is in widespread use and used to target more than just criminals and terrorists, as the company insists are the primary and only targets of its spyware.
 
In a statement issued by the NSO Group, it denies claims made in the Guardian report and those made by the Pegasus Project. It countered the report’s conclusions are based on “uncorroborated theories” that are “based on misleading interpretation of leaked data.”
 
Amnesty International found in its report that the spyware is under active development, consistently adding zero-day exploits into the mix, including in iPhone attacks observed as recently as this month. Those attacks have been effective against the latest version of iOS, and are “zero-click,” meaning that no user interaction or action is required to deliver an infection, according to the report.

Read more: Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections | Threatpost