24 August 21, 18:40
Quote: A never-before-seen, zero-click iMessaging exploit has been allegedly used to illegally spy on Bahraini activists with NSO Group’s Pegasus spyware, according to cybersecurity watchdog Citizen Lab.
The digital researchers are calling the new iMessaging exploit FORCEDENTRY.
In a report published on Tuesday, researchers said that they’ve identified nine Bahraini activists whose iPhones were inflicted with Pegasus spyware between June 2020 and February 2021. Some of the activists’ phones suffered zero-click iMessage attacks that, besides FORCEDENTRY, also included the 2020 KISMET exploit.
The activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society), Citizen Lab wrote.
At least one of the activists lived in London when the exploit was unleashed, Citizen Lab said. That’s a new twist, given that researchers have only seen the Bahraini government spying in Bahrain and Qatar, never in Europe. It could mean that the activist in London “may have been hacked by a Pegasus operator associated with a different government,” Citizen Lab suggested.
At least four of the targets were attacked by LULU: a Pegasus operator that Citizen Lab attributes with “high confidence” to the Bahraini government, which has a history of using commercially available spyware.
One of the activists was targeted in 2020 several hours after they revealed during an interview that their phone was infected with Pegasus in 2019.
Read more: Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day | Threatpost