Forwarded from BlackBox (Security) Archiv
The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
This summer, iPhones belonging to as many as 36 Al Jazeera journalists were silently infected with malware, according to research released Sunday. They were subjected to silent attacks that appeared to exploit a vulnerability in Apple’s iOS and installed malware on the iOS devices, leaving reporters’ phones open to snooping, the researchers claimed.
In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked.
The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.
Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
https://www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/
#ipwn #iphone #apple #journalists #hacked #nso #imessage #exploit #zeroclick #kismet #jazeera
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
This summer, iPhones belonging to as many as 36 Al Jazeera journalists were silently infected with malware, according to research released Sunday. They were subjected to silent attacks that appeared to exploit a vulnerability in Apple’s iOS and installed malware on the iOS devices, leaving reporters’ phones open to snooping, the researchers claimed.
In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked.
The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.
Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
https://www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/
#ipwn #iphone #apple #journalists #hacked #nso #imessage #exploit #zeroclick #kismet #jazeera
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
The Citizen Lab
The Great iPwn
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute…
Chasing Your Tail (CYT)
https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG
A comprehensive #WiFi probe request analyzer that monitors and tracks wireless devices by analyzing their probe requests. The system integrates with #Kismet for packet capture and WiGLE API for #SSID #geolocation analysis, featuring advanced #surveillance #detection capabilities.
Features
Real-time Wi-Fi monitoring with Kismet integration
Advanced surveillance detection with persistence scoring
Automatic GPS integration - extracts coordinates from Bluetooth GPS via Kismet
GPS correlation and location clustering (100m threshold)
Spectacular KML visualization for Google Earth with professional styling and interactive content
Multi-format reporting - Markdown, HTML (with pandoc), and KML outputs
Time-window tracking (5, 10, 15, 20 minute windows)
WiGLE API integration for SSID geolocation
Multi-location tracking algorithms for detecting following behavior
Enhanced GUI interface with surveillance analysis button
Organized file structure with dedicated output directories
Comprehensive logging and analysis tools
Requirements
Python 3.6+
Kismet wireless packet capture
Wi-Fi adapter supporting monitor mode
Linux-based system
WiGLE API key (optional)
https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG
A comprehensive #WiFi probe request analyzer that monitors and tracks wireless devices by analyzing their probe requests. The system integrates with #Kismet for packet capture and WiGLE API for #SSID #geolocation analysis, featuring advanced #surveillance #detection capabilities.
Features
Real-time Wi-Fi monitoring with Kismet integration
Advanced surveillance detection with persistence scoring
Automatic GPS integration - extracts coordinates from Bluetooth GPS via Kismet
GPS correlation and location clustering (100m threshold)
Spectacular KML visualization for Google Earth with professional styling and interactive content
Multi-format reporting - Markdown, HTML (with pandoc), and KML outputs
Time-window tracking (5, 10, 15, 20 minute windows)
WiGLE API integration for SSID geolocation
Multi-location tracking algorithms for detecting following behavior
Enhanced GUI interface with surveillance analysis button
Organized file structure with dedicated output directories
Comprehensive logging and analysis tools
Requirements
Python 3.6+
Kismet wireless packet capture
Wi-Fi adapter supporting monitor mode
Linux-based system
WiGLE API key (optional)
GitHub
GitHub - ArgeliusLabs/Chasing-Your-Tail-NG: MUCH Improved version of the Python Chasing Your Tail Tool to help you determine if…
MUCH Improved version of the Python Chasing Your Tail Tool to help you determine if you're being followed - ArgeliusLabs/Chasing-Your-Tail-NG