Pegasus Project: A Spyware of NSO Group
Posted on September 14, 2021 • 3 minutes • 437 words
On 18 July 2021, a report was published through the collaboration of more than 80 journalists in 10 countries. Forbidden Stories and Amnesty International coordinated the research. (The Amnesty International Report)
NSO Group is a cybersecurity company based in Tel Aviv, Israel. Pegasus, a spyware tool or platform developed by NSO Group, has used certain zero-day exploits to compromise the latest Apple products. iPhone models are targeted via a zero-click iMessage attack methodology. (The Forensic Methodology Report and Technical Details) This spyware tool grants access to cameras, microphones, anything and everything on the infected devices. Many top government officials of some countries were also on a leaked list of 50,000 names. (The interactive map of the list of names by OCCRP)
There were 14 heads of state on that potential target list (The Washington Post Article, July 20, 2021):
- President of France, Emmanuel Macron,
- President of Iraq, Barham Salih,
- President of South Africa, Cyril Ramaphosa,
- Prime Minister of Pakistan, Imran Khan,
- Prime Minister of Egypt, Mostafa Madbouly,
- Prime Minister of Morocco, Saad-Eddine El Othmani,
- The King of Morocco, Mohammed VI.
Former Prime Ministers (while they were in office):
- Yemen, Ahmed Obeid bin Daghr,
- Lebanon, Saad Hariri,
- Uganda, Ruhakana Rugunda,
- France, Édouard Philippe,
- Kazakhstan, Bakitzhan Sagintayev,
- Algeria, Noureddine Bedoui,
- Belgium, Charles Michel.
As of 13 September 2021, Apple released security updates for affected products.
Privacy rights advocates accuse NSO Group of selling its spyware tools to autocratic regimes and of compromising the human rights of journalists, dissidents, or anyone else without any legal basis.
The attribution of the exploit to NSO Group is based on similar and distinctive characteristics of the attacks:
“The spyware installed by the FORCEDENTRY exploit exhibited a forensic artifact that we call CASCADEFAIL, which is a bug whereby evidence is incompletely deleted from the phone’s DataUsage.sqlite file. In CASCADEFAIL, an entry from the file’s ZPROCESS table is deleted, but not entries in the ZLIVEUSAGE table that refer to the deleted ZPROCESS entry. We have only ever seen this type of incomplete deletion associated with NSO Group’s Pegasus spyware, and we believe that the bug is distinctive enough to point back to NSO.” (Source: FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild, September 13, 2021, by the Citizen Lab)
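The incomplete deletion described in the quote can be checked for by looking for ZLIVEUSAGE rows whose ZPROCESS entry no longer exists. The following is an added example, not code from the Citizen Lab or from this post; the column names `Z_PK`, `ZHASPROCESS` and `ZTIMESTAMP`, the helper names and the sample rows are assumptions, and it runs against a constructed in-memory database rather than a real DataUsage.sqlite file.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Core Data timestamps count seconds from 2001-01-01 UTC.
COREDATA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Assumed column names (not given on the page): ZLIVEUSAGE.ZHASPROCESS
# references ZPROCESS.Z_PK, and ZTIMESTAMP is a Core Data timestamp.
ORPHAN_QUERY = """
SELECT l.ZHASPROCESS, COUNT(*), MIN(l.ZTIMESTAMP), MAX(l.ZTIMESTAMP)
FROM ZLIVEUSAGE AS l
LEFT JOIN ZPROCESS AS p ON p.Z_PK = l.ZHASPROCESS
WHERE l.ZHASPROCESS IS NOT NULL AND p.Z_PK IS NULL
GROUP BY l.ZHASPROCESS
ORDER BY l.ZHASPROCESS
"""

def to_utc(ts):
    """Convert a Core Data timestamp to an ISO 8601 UTC string."""
    if ts is None:
        return None
    return (COREDATA_EPOCH + timedelta(seconds=ts)).isoformat()

def find_orphaned_usage(conn):
    """Return one finding per ZPROCESS id that ZLIVEUSAGE still references
    although the ZPROCESS row itself has been deleted."""
    return [
        {"missing_process_id": pid, "rows": n,
         "first_seen": to_utc(first), "last_seen": to_utc(last)}
        for pid, n, first, last in conn.execute(ORPHAN_QUERY)
    ]

def build_sample_db():
    """Constructed sample data, not taken from a real device."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ZPROCESS (Z_PK INTEGER PRIMARY KEY, ZPROCNAME TEXT);
        CREATE TABLE ZLIVEUSAGE (Z_PK INTEGER PRIMARY KEY,
                                 ZHASPROCESS INTEGER, ZTIMESTAMP REAL);
        INSERT INTO ZPROCESS VALUES (1, 'mDNSResponder'), (2, 'apsd');
        INSERT INTO ZLIVEUSAGE VALUES
            (10, 1, 652000000.0), (11, 2, 652000100.0),
            (12, 7, 652000200.0), (13, 7, 652003800.0);
    """)
    return conn

if __name__ == "__main__":
    for finding in find_orphaned_usage(build_sample_db()):
        print(finding)
```

Each finding gives the time window in which the removed process generated network usage, which is the lead an examiner would correlate with other device logs.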
Lastly, the cybersecurity ecosystem has produced this kind of company, which sells its products to those who pay the most or share a common interest. It is crystal clear that if a person can be targeted online via this kind of attack, nobody using the same products is safe.
Cover Image Credits: Eva Schuster