Security Experts Warn About Sophisticated Spyware Similar to NSO Group’s Pegasus
Security professionals have raised concerns over the emergence of advanced spyware, comparable to the infamous NSO Group’s Pegasus, that has been used by clients to target journalists, political opposition figures, and an NGO employee. The Citizen Lab at the University of Toronto’s Munk School discovered that the spyware, developed by Israeli company QuaDream, infected victims’ phones by sending iCloud calendar invitations that went unnoticed. In these so-called “zero-click” attacks, victims do not need to interact with any malicious links for their devices to be compromised.
QuaDream markets the hacking tool under the name Reign, and the attacks observed took place between 2019 and 2021. The discovery highlights the continued threat posed by sophisticated hacking tools, even as NSO Group faces scrutiny and restrictions on new clients. Similar to Pegasus, Reign can record conversations, read encrypted app messages, listen to phone calls, track location, and generate two-factor authentication codes to infiltrate iCloud accounts.
Apple, praised for its security features, now faces another challenge, as Reign proves to be a new and formidable threat to the integrity of its mobile phones. Apple responded by stating that it is constantly advancing iOS security and that there is no indication that QuaDream’s exploit has been used since 2021. The company also emphasized that highly targeted cyberattacks of this nature are costly and aimed at specific individuals.
Citizen Lab revealed that Reign’s victims included journalists, political figures, and an employee of an NGO across several regions, including North America, Central Asia, Europe, and the Middle East. The spyware’s operator locations were traced to various countries, including Bulgaria, Mexico, Singapore, and the UAE.
While NSO Group is well known, QuaDream maintains a lower public profile. The company was briefly mentioned in a Meta security report in 2022, which revealed its Israel-based origins and connections to ex-NSO employees. Attempts to contact QuaDream for comment have been unsuccessful.
Citizen Lab conducted its analysis with the help of Microsoft Threat Intelligence, which confirmed a connection between a tracked threat group and QuaDream. Microsoft is sharing detailed information to raise awareness about spyware companies and their activities.