‘CatalanGate’ Spyware Infections Tied to NSO Group

Citizen Lab uncovers multi-year campaign targeting Catalonia, an autonomous region of Spain.

An unknown zero-click exploit in Apple’s iMessage was used by Israel-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists.

Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday that claims 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts that the controversial Israeli firm NSO Group and a second firm, Candiru, were behind the campaigns, which took place between 2017 and 2020.

Candiru, aka Sourgum, is a commercial firm that allegedly sells the DevilsTongue surveillance malware to governments around the world. The Apple iMessage HOMAGE bug is a so-called zero-click vulnerability, meaning no interaction by the victims is needed to surreptitiously install malware on intended targets. Since 2019, versions of Apple’s iOS software are no longer vulnerable to HOMAGE attacks.

Catalan Politicians and Activists Targeted

“The hacking covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organizations (NGOs). Catalonia’s government and elected officials were also extensively targeted,” wrote authors of the Citizen Lab report that included John Scott-Railton,

Read More: https://threatpost.com/catalangate-spyware/179336/