Mercenary Spyware Hacked iPhone Victims With Rogue Calendar Invites, Researchers Say (techcrunch.com)
Hackers using spyware made by a little-known cyber mercenary company used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker, according to two reports. From a report: Researchers at Microsoft and the digital rights group Citizen Lab analyzed samples of malware they say was created by QuaDream, an Israeli spyware maker that has been reported to develop zero-click exploits -- meaning hacking tools that don't require the target to click on malicious links -- for iPhones. QuaDream has been able to mostly fly under the radar until recently. In 2021, Israeli newspaper Haaretz reported that QuaDream sold its wares to Saudi Arabia. The next year, Reuters reported that QuaDream sold an exploit to hack iPhones that was similar to one provided by NSO Group, and that the company doesn't operate the spyware, its government customers do -- a common practice in the surveillance tech industry.
QuaDream's customers operated servers from several countries around the world: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan, according to internet scans done by Citizen Lab. Both Citizen Lab and Microsoft published groundbreaking new technical reports on QuaDream's alleged spyware on Tuesday. Microsoft said it found the original malware samples, and then shared them with Citizen Lab's researchers, who were able to identify more than five victims -- an NGO worker, politicians, and journalists -- whose iPhones were hacked. The exploit used to hack those targets was developed for iOS 14, and at the time was unpatched and unknown to Apple, making it a so-called zero-day. The government hackers who were equipped with QuaDream's exploit used malicious calendar invites with dates in the past to deliver the malware, according to Citizen Lab.
In The Name Of Safety (Score:2)
And in the spirit of American control, there is no choice but to outlaw the iPhone.
iOS 14 (Score:2)
mercenaries with calendar invites (Score:4, Funny)
Mercenary ... Rogue Calendar Invites
I'm imagining a tough-looking mercenary in faded ex-military fatigues, cackling with glee as he hits the Send button. "HA! I sent Auntie May an invitation for tea at 4pm but it's really at 3pm! hahaha!"
Uncle Roy? (Score:2)
Are we talking about an exploit or Uncle Roy clicking on everything he gets again?
Re: (Score:1)
They do mention that the exploit is "zero click" so...
Sounds similar to story about UAE's Project Raven (Score:3)
Let's connect monolith spy devices to internet/SS7 (Score:2)
What a stupid scumbag development. Cameras everywhere, people wielding their stupid Apple/Google devices with high resolution cameras pointed everywhere, on devices that are designed such that a software flaw can allow a remote silent exploit. This despite the extraordinary myriad cybersecurity advances.
You wouldn't be faulted for thinking that Apple/Google purposely design their devices to have "flaws" (i.e. design that allows 3rd parties to hack, a variation on plausible deniability
Need to hold these companies liable (Score:2)