‘CatalanGate’ Spyware Infections Tied to NSO Group
Citizen Lab has uncovered a years-long campaign targeting Catalonia, the autonomous region of Spain, with an unknown zero-click exploit in Apple’s iMessage. The exploit was reportedly used by Israel-based NSO Group to plant the Pegasus or Candiru spyware onto iPhones used by journalists, activists, politicians, and other public figures. Citizen Lab released a report on Monday claiming that 65 individuals were infected with the spyware via a vulnerability known as HOMAGE. Citizen Lab believes that the NSO Group is behind the campaign, which took place between 2017 and 2020.
Candiru is another commercial firm, similar to NSO Group, that reportedly sells the DevilsTongue surveillance malware to governments across the globe. Because the malware leverages a zero-click vulnerability, no interaction on the part of the victim is necessary. Since 2019, Apple’s iOS software has not been vulnerable to HOMAGE attacks. Citizen Lab states that the hacking covers a spectrum of individuals in Catalonia, including activists, academics, NGOs, and elected officials.