Amnesty International just shared a new report that detailed more about possible hacks against two leading journalists from Serbia. This was done through the spyware Pegasus that belongs to the NSO Group.
The two journalists were members of the BIRN, which is Siberia’s Balkan-based investigative group. They got suspicious texts including links. Those who fell victim to the phishing attack would click on the link, assuming it was a safe environment, but researchers were shocked to see the result.
The links were related to a domain that belonged to the NSO Group’s system that could target activists and journalists. The tech research allows Amnesty to highlight any malicious site that delivers Pegasus spyware, including a domain used for the campaign.
Security researchers who continue to keep tabs on activities belonging to the NSO mentioned how they’re experts at spotting signs related to NSO’s spyware attempts. It has to do with researchers looking at domains quickly that could be engaged in this type of attack.
So many NSO group and their clients continue to lose out on battles to stay hidden or disguised. The leading problem here is how they’re not as deceiving as they believe they could be. There is plenty of evidence that proves how the claims about getting caught are true.
We saw how the Citizen Lab in 2016 rolled out the first tech report documenting attacks rolled out through Pegasus. This happened to target an individual from the UAE. After that, in less than a decade, we saw researchers highlight 130 people from different places around the globe hitting and hacking the company’s spyware as per a running tally by security expert Runa Sandvik.
The number of targeted victims is better shown through the Pegasus Project. It’s a collective journalistic means to investigate abusive NSO spyware that was dependent on leaked lists of nearly 50,000 phone numbers. They entered the NSO Group’s target system.
With time, there were more than a dozen people, but now there are more protections up for grabs that keep people safe and aware of such attacks. Other than Amnesty and Citizen Lab, another nonprofit by the name Access Now is assisting with the process of user safety and security.
But it’s not only nonprofits that are calling out the Pegasus Spyware group. We similarly saw Apple catching them in action by rolling out alerts to victims of this spyware located all over the globe. This prompted users to seek help through Access Now.
More tech reports continue to document spyware attacks rolled out through Pegasus as well as those generated by other firms. Maybe the NSO Group’s issues lie in the fact that it makes sales to other nations using it thoroughly, such as reporters and civil society members.
The biggest OPSEC mistake here appears to be how the NSO Group continues to sell to those nations targeting media personnel but end up exposing themselves along the way.
Image: DIW-Aigen
Read next: OpenAI Shares Fivefold Rise in Bug Bounty Rewards for Exceptional Security Vulnerabilities
The two journalists were members of the BIRN, which is Siberia’s Balkan-based investigative group. They got suspicious texts including links. Those who fell victim to the phishing attack would click on the link, assuming it was a safe environment, but researchers were shocked to see the result.
The links were related to a domain that belonged to the NSO Group’s system that could target activists and journalists. The tech research allows Amnesty to highlight any malicious site that delivers Pegasus spyware, including a domain used for the campaign.
Security researchers who continue to keep tabs on activities belonging to the NSO mentioned how they’re experts at spotting signs related to NSO’s spyware attempts. It has to do with researchers looking at domains quickly that could be engaged in this type of attack.
So many NSO group and their clients continue to lose out on battles to stay hidden or disguised. The leading problem here is how they’re not as deceiving as they believe they could be. There is plenty of evidence that proves how the claims about getting caught are true.
We saw how the Citizen Lab in 2016 rolled out the first tech report documenting attacks rolled out through Pegasus. This happened to target an individual from the UAE. After that, in less than a decade, we saw researchers highlight 130 people from different places around the globe hitting and hacking the company’s spyware as per a running tally by security expert Runa Sandvik.
The number of targeted victims is better shown through the Pegasus Project. It’s a collective journalistic means to investigate abusive NSO spyware that was dependent on leaked lists of nearly 50,000 phone numbers. They entered the NSO Group’s target system.
With time, there were more than a dozen people, but now there are more protections up for grabs that keep people safe and aware of such attacks. Other than Amnesty and Citizen Lab, another nonprofit by the name Access Now is assisting with the process of user safety and security.
But it’s not only nonprofits that are calling out the Pegasus Spyware group. We similarly saw Apple catching them in action by rolling out alerts to victims of this spyware located all over the globe. This prompted users to seek help through Access Now.
More tech reports continue to document spyware attacks rolled out through Pegasus as well as those generated by other firms. Maybe the NSO Group’s issues lie in the fact that it makes sales to other nations using it thoroughly, such as reporters and civil society members.
The biggest OPSEC mistake here appears to be how the NSO Group continues to sell to those nations targeting media personnel but end up exposing themselves along the way.
Read next: OpenAI Shares Fivefold Rise in Bug Bounty Rewards for Exceptional Security Vulnerabilities
