Cybersecurity News

NSO Group Ordered to Hand Over Pegasus Code to WhatsApp

Israeli spyware manufacturer NSO Group, infamous for its creation of Pegasus spyware, has been ordered by a US court to hand over to WhatsApp information about the code used and the vulnerabilities it exploited.

In a significant legal development, a U.S. judge has mandated NSO Group, the Israeli spyware vendor, to disclose its source code for Pegasus and other products to Meta, the parent company of Facebook. This directive is part of Meta’s ongoing legal battle against NSO Group, initiated in October 2019. The lawsuit alleges that NSO Group exploited Meta’s infrastructure to disseminate spyware to roughly 1,400 mobile devices, including those belonging to two dozen Indian activists and journalists.

The espionage tactics employed by NSO Group involved exploiting a zero-day vulnerability in the instant messaging app, along with critical buffer overflow flaws in voice call functionalities. These vulnerabilities allowed Pegasus to be deployed simply by placing a call, even if unanswered. Additionally, steps were taken to erase call logs to evade detection.

Court documents have revealed that NSO Group is required to provide information on the full functionality of the spyware from one year before the alleged attack to one year after. However, specifics regarding server architecture have been exempted, with the presumption that Meta could extract this information from the spyware’s full functionality. Notably, NSO Group is not obligated to disclose the identities of its clients, a decision criticized by Amnesty International’s Donncha Ó Cearbhaill.

Despite this victory for Meta, concerns persist about NSO Group’s clientele, particularly after the company was sanctioned by the U.S. in 2021 for supplying cyber weapons to foreign governments. Meanwhile, Meta itself faces scrutiny in the EU over its subscription model, criticized as a choice between paying a “privacy fee” or consenting to tracking.

In another development, Recorded Future has uncovered a sophisticated delivery infrastructure associated with Predator, a mobile spyware managed by the Intellexa Alliance. This infrastructure, utilised by Predator customers across various countries including Angola, Armenia, and Saudi Arabia, exhibits resilience to alterations despite public exposure.

Sekoia, in a separate report on the Predator ecosystem, has identified domains linked to customers in Botswana, Mongolia, and Sudan. Additionally, there has been a notable increase in generic malicious domains, indicating broader targeting by spyware operators.

What is Pegasus Spyware?

Pegasus is a highly sophisticated spyware developed by the Israeli technology firm NSO Group. It is designed to infiltrate mobile devices, such as smartphones, and covertly gather a wide range of data, including messages, emails, call records, photos, and even microphone and camera recordings. Pegasus is known for its capability to remotely exploit vulnerabilities in popular mobile operating systems, such as iOS and Android, enabling it to infect devices with minimal user interaction.

Once installed on a target device, Pegasus operates stealthily, often without the user’s knowledge, and has the ability to bypass security measures and encryption protocols. It can be deployed through various means, including malicious links, phishing messages, or exploiting software vulnerabilities.

Pegasus has gained notoriety for its alleged use by governments and intelligence agencies worldwide to target journalists, activists, politicians, and other individuals of interest. Its advanced surveillance capabilities have raised significant concerns about privacy, freedom of speech, and human rights violations. Despite facing legal challenges and scrutiny, Pegasus continues to be a potent tool in the realm of cyber espionage.

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.