The iPhone of Galina Timchenko, the co-founder, CEO, and publisher of the Russian independent media outlet Meduza, was found to have NSO Group’s Pegasus spyware.
According to a joint investigation by Access Now and the Citizen Lab, the infection may have continued for days or weeks following the first exploitation.
The infection was carried out via a zero-click exploit, and researchers said they could not identify the criminals behind the attack.
Based on forensic evidence, Citizen Lab assessed that the attack was accomplished using the PWNYOURHOME exploit, which targets Apple’s HomeKit and iMessage.
Insights of the Hack
Reports say that on February 10, 2023, while she was traveling to Berlin, Germany, her iPhone was localized to the GMT+1 timezone during the infection.
She was planning to attend a private conference with other heads of Russian independent media exiled in Europe the day after the infection to discuss how to deal with threats and censorship by Putin’s regime.
The attack comes two weeks after the Russian government designated Meduza as an “undesirable organization” for its critical reporting on Putin’s government and the conflict in Ukraine and amid suspicions held by E.U. governments regarding Russian civil society in exile.
Galina Timchenko and other individuals were alerted by Apple in June 2023 that they could have been targeted with spyware, which sparked the inquiry.
Reports confirm that the iPhone was infected on or about February 10, 2023, with the infection likely continuing for a few days or weeks.
Sophisticated spyware like Pegasus circumvents encryption and seizes complete control of the victim’s phone, including access to photographs, messages, contacts, and the phone’s camera and microphone.
The use of spyware against journalists and human rights defenders has received widespread condemnation from UN representatives, the European Parliament, the European Data Protection Supervisor, and civil society organizations worldwide.
When Armenia and Azerbaijan were at war in the disputed Nagorno-Karabakh territory, Pegasus targeted Armenian journalists, activists, government officials, and civilians.
No proof exists that Azerbaijan or Kazakhstan targeted citizens of Germany, Latvia, or other EU member states.
Due to the significant threats to national security and human rights, the U.S. government has included NSO Group and other spyware producers on its Entity List and prohibited the federal government from utilizing some commercial spyware.
Mitigation
Apple’s Lockdown Mode would have mitigated this exploit. Apple continues to alert those who have been targeted with mercenary malware, such as NSO’s Pegasus. If you or someone you know has received such a notification, consider it carefully.
If you or your organization is facing heightened risk, it is highly advised that you seek professional advice.