Government-Backed Hackers Exploit iPhone Vulnerabilities to Install Spyware
A recent report from Google's Threat Analysis Group (TAG) indicates that iPhone devices are being compromised through zero-day vulnerabilities by government-backed hackers. Their goal is to conduct surveillance operations.
These hackers exploited three such zero-day vulnerabilities present in iPhones using spyware developed by a European startup, according to the TAG report published on Tuesday.
The TAG investigated several government-associated attack campaigns, which were carried out using solutions provided by companies specializing in such tools. For instance, the product of a Barcelona-based startup, Variston, was one of the tools utilized.
In one of the examined cases, attackers leveraged three zero-day vulnerabilities simultaneously. Such vulnerabilities are called zero-days because the software developers, Apple in this instance, were unaware of their existence at the time of the attack. The Variston solution was the tool used to execute this particular attack.
Google's research found that an unidentified client used the vulnerabilities to target iPhones in Indonesia. The attack started with an SMS containing a malicious link, which redirected the unsuspecting victim to an article on an Indonesian newspaper's website, while in the background, the spyware was installed on the iPhone.
Although Variston has been under Google TAG's radar before and has lost many employees over the past few years, attempts made by _TechCrunch_ to contact former employees were unfruitful due to confidentiality agreements.
While the TAG report does not name the employees, it states that Variston is "collaborating with several other organizations" in the development of spyware.
Similar surveillance methods, such as those used by the spyware Pegasus developed by the Israeli firm NSO Group, could also have been employed to monitor Hungarian individuals through exploitation of vulnerabilities on their iPhones.
The TAG investigated several government-associated attack campaigns, which were carried out using solutions provided by companies specializing in such tools. For instance, the product of a Barcelona-based startup, Variston, was one of the tools utilized.
In one of the examined cases, attackers leveraged three zero-day vulnerabilities simultaneously. Such vulnerabilities are called zero-days because the software developers, Apple in this instance, were unaware of their existence at the time of the attack. The Variston solution was the tool used to execute this particular attack.
Google's research found that an unidentified client used the vulnerabilities to target iPhones in Indonesia. The attack started with an SMS containing a malicious link, which redirected the unsuspecting victim to an article on an Indonesian newspaper's website, while in the background, the spyware was installed on the iPhone.
Although Variston has been under Google TAG's radar before and has lost many employees over the past few years, attempts made by _TechCrunch_ to contact former employees were unfruitful due to confidentiality agreements.
While the TAG report does not name the employees, it states that Variston is "collaborating with several other organizations" in the development of spyware.
Similar surveillance methods, such as those used by the spyware Pegasus developed by the Israeli firm NSO Group, could also have been employed to monitor Hungarian individuals through exploitation of vulnerabilities on their iPhones.
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
