Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
15.9.23 | BigBrothers | The Hacker News
The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed.
The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication based in Latvia.
It's currently not clear who deployed the malware on the device. The Washington Post reported that the Russian government is not a client of NSO Group, citing an unnamed person familiar with the company's operations.
"During the infection her device was localized to the GMT+1 timezone, and she reports being in Berlin, Germany," the Citizen Lab said. "The day following the infection she was scheduled to attend a private meeting with other heads of Russian independent media exiled in Europe to discuss how to manage threats and censorship by Putin's regime."
The breach was facilitated by means of a zero-click exploit known as PWNYOURHOME that came to light in April 2023, and which combines iOS' HomeKit and iMessage to defeat BlastDoor protections.
The findings come after Timchenko received a threat notification from Apple on June 23, 2023, that state-sponsored attackers may have targeted her iPhone.
The development marks the first documented case where the notorious spyware has been planted on the phone of a Russian target. Pegasus, developed by the Israel-based NSO Group, is a powerful spying tool capable of harvesting sensitive information from infected handsets.
It can be installed on a phone remotely without the victim clicking a link or taking any other action, a technique known as a zero-click exploit. While Pegasus is ostensibly licensed to governments and law enforcement agencies to tackle serious crime, it has repeatedly been misused to eavesdrop on members of civil society.
The Committee to Protect Journalists (CPJ) said "journalists and their sources are not free and safe if they are spied on, and this attack on Timchenko underscores that governments must implement an immediate moratorium on the development, sale, and use of spyware technologies."
News of the spyware infection also arrives days after Apple rushed to patch two zero-day exploits in iOS that had been weaponized in the wild to distribute Pegasus. Users at heightened risk of spyware attacks are advised to enable Lockdown Mode on their iPhones to mitigate such threats.