[TheRecord] NSO’s Pegasus spyware found on the devices of six Palestinian activists

The mobile phones of six Palestinian human rights activists have been infected with Pegasus, a spyware strain developed and sold by Israeli surveillance company NSO Group.

The malware was found by members of Frontline Defenders, a non-profit organization that works to protect human rights activists. Their findings were independently verified and confirmed by security researchers from Amnesty International and Citizen Lab.

Three of the hacked Palestinian activists agreed to have their names included in the reports. All three work for human rights and civil society groups that Israel added to a list of terrorist organizations in October 2021.

EU and UN officials, along with several international nonprofits, condemned and disputed this designation as misleading and unsubstantiated.

But investigators also pointed out that the Pegasus malware infections pre-dated this designation, with some infections going as far back as July 2020.

| Target | Position | Approximate dates when phones were hacked | SIM(s) |
|---|---|---|---|
| Ghassan Halaika | Field researcher and human rights defender working for Alhaq | (1) 2020-07-14 – 2020-07-18 | (1) MCC 425, MNC 07 (HOT Mobile – IL) |
| Ubai Aboudi | Executive Director at Bisan Center for Research and Development | (1) 2021-02-12 – 2021-02-17 | (1) MCC 425, MNC 05 (Jawwal – PS) |
| Salah Hammouri | Lawyer and field researcher at Addameer Prisoner Support and Human Rights Association based in Jerusalem | (1) 2021-04-12 – 2021-04-30 | (1) MCC 425, MNC 02 (Cellcom ltd. – IL) |
| T4 | Human rights defender | (1) 2021-04-12 | (1) MCC 425, MNC 02 (Cellcom ltd. – IL) |
| T5 | Human rights defender | (1) 2021-02-10; (2) 2021-04-03; (3) 2021-04-12 | (1) MCC 425, MNC 01 (Orange/Partner – IL) |
| T6 | Human rights defender | (1) 2020-11-04 | (1) MCC 425, MNC 05 (Jawwal – PS) |

“Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers,” Amnesty International said in their report.

“NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers,” Amnesty added, highlighting again one of the company’s many contradictory statements about how the Pegasus malware is supposed to work and its safeguards.

Unfortunately, investigators didn’t find sufficient evidence to link the six hacked smartphones to any organization or government agency.

Over the past few years, NSO Group has become one of the most notorious spyware sellers in the world, next to HackingTeam and the Gamma Group.

Historically, Pegasus spyware has been associated with autocratic regimes. Known countries that have been identified as NSO and Pegasus customers include Israel, Qatar, Uzbekistan, Morocco, Mexico, Yemen, Hungary, Saudi Arabia, and Bahrain, among many others.

It’s exactly this clientele that got NSO Group into hot water last week, when the US Department of Commerce sanctioned NSO Group and three other hacking tool makers.

In NSO’s case, the US cited the fact that the company “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

The post NSO’s Pegasus spyware found on the devices of six Palestinian activists appeared first on The Record by Recorded Future.
