In the Middle East cyber espionage, thirty-two journalists working for Al Jazeera (Al Jazeera) secretly compromised their iPhones by installing spyware with vulnerability.

In a new report released yesterday by the Citizens Laboratory of the University of Toronto, the researchers said that the private calls of 36 journalists, producers, presenters and executives of Al Jazeera (Al Jazeera), and the London-based Al A reporter from Araby TV has now infected the Pegasus with the Pegasus virus and repaired the defects in Apple iMessage.

Pegasus was developed by the Israeli private intelligence company NSO Group to allow attackers to access sensitive data stored on the target device, all without the victim’s knowledge.

The researcher said: “An industry and the shift of confidential customers to attacks increases the likelihood of abuse being discovered.”

“Tracking attacks is more challenging because the target may not notice any suspicious objects on their phones. Even if they do observe similar’strange’ call behavior, the event may be short-lived and will not leave behind Any traces. Traces on the equipment.”


After a victim (Al Jazeera investigative reporter) Tamer Almisshal suspected that the victim’s iPhone might have been hacked and agreed to use a VPN app to monitor his network traffic by Citizen Lab researchers in early January this year, the findings of the investigation were revealed come out.

device packet

Internet regulators discovered that the attack took place between July and August this year, using an exploit chain called KISMET, which is a zero-day in iOS 13.5.1 that can be used to undermine Apple’s security protection.

Citizen Lab said the 36 cell phones in question were hacked by four distinct “clusters” or NSO operators linked to the governments of Saudi Arabia and the United Arab Emirates.

A review of Almisshal’s VPN logs revealed that abnormal connections to Apple’s iCloud server suddenly increased. Researchers speculated that this was the initial infection vector for transmitting malicious code, and then the connection to the installation server to obtain Pegasus spyware.

The implant has the following functions: recording audio from the microphone and phone, taking pictures with the phone’s camera, accessing the victim’s password, and tracking the location of the device.

Although NSO Group has always insisted that its software is only used by law enforcement agencies to track terrorists and criminals, this is the first time that governments have abused the tool to monitor critics, dissidents, politicians, and other interested parties.

attack flow

One of the cases involved the provision of hacking tools through a previously undisclosed in WhatsApp, which is currently being filed against the company in a US court.