Thread Contributor: AlbusSophisticated, persistent mobile attack against high-value targets on iOS
Saw an article on 3 zero-days in iOS that Apple's just patched, and thought I'd share it here.

Article Summary Wrote:Targeted attack scenarios against high-value mobile users are a real threat.

Citizen Lab and Lookout have uncovered an active threat using three critical iOS zero-day vulnerabilities that, when exploited, form an attack chain that subverts even Apple's strong security environment.

We have created two reports that discuss the use of this targeted attack against political dissidents and provide a detailed analysis of the malicious code itself.

In its report, Citizen Lab details how attackers targeted a human rights defender with mobile spyware, providing evidence that governments digitally harass perceived enemies, including activists, journalists, and human rights workers.

In its report, Lookout provides an in-depth technical look at the targeted espionage attack that is actively being used against iOS users throughout the world.

Citizen Lab also found evidence that state-sponsored actors used NSO's exploit infrastructure against a Mexican journalist who reported on corruption by Mexico's head of state, and an unknown target or targets in Kenya.

Pegasus is the most sophisticated attack we've seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile - always connected, voice communications, camera, email, messaging, GPS, passwords, and contact lists.

The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information.

It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android, and Blackberry.


IA Mirror

Forum Jump:

Users browsing this thread: 1 Guest(s)