Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab – 2023

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.
We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims.

#Quadream #spyware #ENFOFDAYS #Ios #Calendar #Icloud

The growth of commercial spyware based intelligence providers without legal or ethical supervision – Talos - July 2023

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.

There are now numerous companies with similar offerings, like Intellexa, DSIRF, Variston IT, and the newly disclosed Quadream representing just a small subset — there are likely more that are operating covertly today.

#Quadream #VaristonIT #DSIRF #Intellexa #NSO