Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose
18.4.23 Virus The Hacker News
Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft.
The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several months."
The company's board of directors are looking to sell off its intellectual property, the report further added.
QuaDream, which specializes in hacking Apple devices using "zero-click" infections which do not require any action on the part of the victim, is also said to have fired all its employees, with the firm undergoing significant downsizing, according to Haaretz and The Jerusalem Post.
News of the purported shutdown comes as the firm's spyware framework – dubbed REIGN – was outed as having been used against journalists, political opposition figures, and NGO workers across North America, Central Asia, Southeast Asia, Europe, and the Middle East.
Microsoft described REIGN as a "suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices."
The attacks entailed the exploitation of a now-patched flaw in iOS to deploy sophisticated surveillanceware capable of surreptitiously gathering sensitive information, including audio, pictures, passwords, files, and locations.
Apple told The Hacker News last week that there was no indication to suggest that the exploit, codenamed ENDOFDAYS, had been put to use since the company released iOS 14.4.2 in March 2021.
QuaDream, like its Israeli counterparts NSO Group and Candiru, is a private-sector offensive actor (PSOA) that markets end-to-end hacking tools for use by its customers to run their targeted cyber operations.
While the company has largely managed to stay under the shadows, Haaretz reported in June 2021 that its spyware technology was sold to Saudi Arabia to carry out zero-click attacks against targets of interest.
Then last year, Reuters revealed that QuaDream had independently developed an exploit to break into iPhones that's comparable to the one provided by NSO Group by leveraging a flaw in iMessage. Apple addressed the vulnerability in September 2021.
The upcoming closure also comes a little over a month after Haaretz shed light on a previously unknown Israeli cyber mercenary company called NFV Systems for selling its surveillance technologies to foreign countries without obtaining a license from the Ministry of Defense.