Threat actors using hacking tools from an Israeli
surveillanceware vendor named QuaDream targeted at least five
members of civil society in North America, Central Asia, Southeast
Asia, Europe, and the Middle East.
According to findings from a group of researchers from the
Citizen Lab, the spyware campaign was directed against journalists,
political opposition figures, and an NGO worker in 2021. The names
of the victims were not disclosed.
QuaDream is also suspected of having used a zero-click exploit dubbed
ENDOFDAYS against iOS 14 to deploy its spyware, with the exploit
working as a zero-day on iOS 14.4 and 14.4.2. There is no evidence that
the exploit has been used since March 2021.
ENDOFDAYS “appears to make use of invisible iCloud calendar
invitations sent from the spyware’s operator to victims,” the
researchers said[1], adding the .ics files
contain invites to two backdated and overlapping events so as to
not alert the users.
The attacks are suspected to have leveraged a quirk in iOS 14 whereby
any iCloud calendar invitation carrying a backdated time is
automatically processed and added to the user’s calendar on receipt,
without any notification or prompt.
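The two indicators just described, an invitation whose events are already in the past at the moment the invite was generated and a pair of events whose time ranges overlap, are observable in the .ics file itself. The following is an added triage script, not Citizen Lab’s tooling or anything QuaDream shipped; it assumes the invite is in the UTC `YYYYMMDDTHHMMSSZ` form that iCloud invitations use, and treats `DTSTAMP` as the time the invite was generated. The sample invitation embedded in it is constructed for the example, not a captured artefact.

```python
"""Triage heuristic for iCloud calendar invitations (.ics) matching the
ENDOFDAYS delivery pattern: backdated events plus overlapping events.
Added example; the parser, the DTSTAMP interpretation and the scoring
rule are this example's own assumptions, not Citizen Lab tooling."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    uid: str
    summary: str
    stamp: datetime   # DTSTAMP: when the invitation was generated (assumption)
    start: datetime   # DTSTART
    end: datetime     # DTEND


def _unfold(text: str) -> List[str]:
    """Join RFC 5545 folded lines: a line starting with space/tab continues
    the previous one, with that single leading whitespace character removed."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def _parse_dt(value: str) -> datetime:
    """Parse the UTC form YYYYMMDDTHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_events(ics_text: str) -> List[Event]:
    """Extract VEVENT components; property parameters (e.g. ;TZID=...) are
    stripped from the property name and otherwise ignored."""
    events: List[Event] = []
    current: Optional[Dict[str, str]] = None
    for line in _unfold(ics_text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(Event(
                uid=current.get("UID", ""),
                summary=current.get("SUMMARY", ""),
                stamp=_parse_dt(current["DTSTAMP"]),
                start=_parse_dt(current["DTSTART"]),
                end=_parse_dt(current["DTEND"]),
            ))
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            current[name.split(";", 1)[0]] = value
    return events


def is_backdated(ev: Event) -> bool:
    """Backdated: the event had already ended when the invite was generated."""
    return ev.end < ev.stamp


def overlapping_pairs(events: List[Event]) -> List[Tuple[str, str]]:
    """(uid_a, uid_b) for every pair of events whose time ranges intersect."""
    pairs: List[Tuple[str, str]] = []
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if a.start < b.end and b.start < a.end:
                pairs.append((a.uid, b.uid))
    return pairs


def triage(ics_text: str) -> dict:
    """Score one invitation: suspicious when at least two events are backdated
    and at least one pair overlaps (threshold is this example's assumption)."""
    events = parse_events(ics_text)
    backdated = [ev.uid for ev in events if is_backdated(ev)]
    overlaps = overlapping_pairs(events)
    return {
        "events": len(events),
        "backdated": backdated,
        "overlaps": overlaps,
        "suspicious": len(backdated) >= 2 and len(overlaps) >= 1,
    }


# Constructed sample (not a real captured invite): two overlapping events
# dated weeks before the DTSTAMP at which the invitation was generated.
SAMPLE_ICS = "\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST",
    "BEGIN:VEVENT", "UID:evt-1@example.invalid",
    "DTSTAMP:20210305T090000Z", "DTSTART:20210210T080000Z",
    "DTEND:20210210T090000Z", "SUMMARY:Quarterly", "  review", "END:VEVENT",
    "BEGIN:VEVENT", "UID:evt-2@example.invalid",
    "DTSTAMP:20210305T090000Z", "DTSTART:20210210T083000Z",
    "DTEND:20210210T093000Z", "SUMMARY:Sync", "END:VEVENT",
    "END:VCALENDAR",
])

# Constructed benign invite: a single future event.
BENIGN_ICS = "\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "METHOD:REQUEST",
    "BEGIN:VEVENT", "UID:evt-3@example.invalid",
    "DTSTAMP:20210305T090000Z", "DTSTART:20210312T100000Z",
    "DTEND:20210312T110000Z", "SUMMARY:Lunch", "END:VEVENT",
    "END:VCALENDAR",
])

if __name__ == "__main__":
    print(triage(SAMPLE_ICS))
    print(triage(BENIGN_ICS))
```

The check is deliberately conservative: a single backdated event is routine (people accept invites late), so the rule fires only on the combination the researchers describe. On a device, the same two tests can be run over the events stored in the calendar database rather than over received .ics files.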
The Microsoft Threat Intelligence team is tracking[2]
QuaDream as DEV-0196, describing it as a private
sector offensive actor (PSOA). While the cyber mercenary company is
not directly involved in targeting, it is known to sell its
“exploitation services and malware” to government customers, the
tech giant assessed with high confidence.
The malware, named KingsPawn, comprises a
monitor agent and a primary malware agent, both of which are
Mach-O files, written in Objective-C and Go, respectively.
While the monitor agent is responsible for reducing the forensic
footprint of the malware to evade detection, the main agent comes
with capabilities to gather device information, cellular and Wi-Fi
data, harvest files, access the camera in the background, access
location, call logs, and the iOS Keychain, and even generate an iCloud
time-based one-time password (TOTP).
Other samples support recording audio from phone calls and the
microphone, running queries in SQL databases, and cleaning up
forensic trails, such as deleting all calendar events from two
years prior to the current time. The data is exfiltrated via HTTPS
POST requests.
Internet scans carried out by the Citizen Lab reveal that
QuaDream’s customers operated 600 servers from several countries
around the world between late 2021 and early 2023, including
Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico,
Singapore, the U.A.E., and Uzbekistan.
Despite attempts made by the spyware to cover its tracks, the
interdisciplinary laboratory said it was able to uncover
unspecified traces of what it calls the “Ectoplasm Factor” that
could be used to track QuaDream’s toolset in the future.
This is not the first time QuaDream has attracted attention. In
February 2022, Reuters reported[3]
that the company weaponized the FORCEDENTRY zero-click exploit in
iMessage to deploy a spyware solution named REIGN.
Then in December 2022, Meta disclosed[4]
that it took down a network of 250 fake accounts on Facebook and
Instagram controlled by QuaDream to infect Android and iOS devices
and exfiltrate personal data.
If anything, the development is yet another indication that
despite the notoriety attracted by NSO Group, commercial spyware
firms continue to fly under the radar and develop sophisticated
spyware products for use by government clients.
“Until the out-of-control proliferation of commercial spyware is
successfully curtailed through systemic government regulations, the
number of abuse cases is likely to continue to grow, fueled both by
companies with recognizable names, as well as others still
operating in the shadows,” the Citizen Lab said.
Calling the growth of mercenary spyware companies a threat to
democracy and human rights, Microsoft said combating such offensive
actors requires a “collective effort” and a “multistakeholder
collaboration.”
“Moreover, it is only a matter of time before the use of the
tools and technologies they sell spread even further,” Amy
Hogan-Burney, the company’s associate general counsel for
cybersecurity policy and protection, said[6].
“This poses real risk to human rights online, but also to the
security and stability of the broader online environment. The
services they offer require cyber mercenaries to stockpile
vulnerabilities and search for new ways to access networks without
authorization.”
References
Read more https://thehackernews.com/2023/04/israel-based-spyware-firm-quadream.html
