{
	"id": "eeaa42d1-e1f6-4889-9da7-9b2983c99c8f",
	"created_at": "2026-04-06T01:32:24.608179Z",
	"updated_at": "2026-04-10T13:12:01.891957Z",
	"deleted_at": null,
	"sha1_hash": "989cc324c23c862ac8731d21bdb8f104949780e6",
	"title": "iPhones running latest iOS hacked to deploy NSO Group spyware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1884384,
	"plain_text": "iPhones running latest iOS hacked to deploy NSO Group spyware\r\nBy Sergiu Gatlan\r\nPublished: 2021-07-19 · Archived: 2026-04-06 01:18:45 UTC\r\nHuman rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a\r\nrecent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's\r\nlatest iOS release, hacked using zero-day zero-click iMessage exploits.\r\n\"Amnesty International has observed evidence of compromise of the iPhone XR of an Indian journalist (CODE INJRN1)\r\nrunning iOS 14.6 (latest available at the time of writing) as recently as 16th June 2021,\" the report reads.\r\n\"Lastly, Amnesty International has confirmed an active infection of the iPhone X of an activist (CODE RWHRD1) on June\r\n24th 2021, also running iOS 14.6.\r\nhttps://www.bleepingcomputer.com/news/security/iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Most recently, a successful \"zero-click\" attack has been observed exploiting multiple zero-days to attack a fully patched\r\niPhone 12 running iOS 14.6 in July 2021.\"\r\nThe NGO also sad that it reported this information to Apple, who said that they are investigating the matter.\r\n\"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life,\r\nand are used to target specific individuals,\" Ivan Krstić, head of Apple Security Engineering and Architecture, told The\r\nWashington Post.\r\n\"While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend\r\nall our customers, and we are constantly adding new protections for their devices and data.\"\r\nFindings confirmed by Citizen Lab's 
peer review\r\nBill Marczak, a research fellow at academic research lab Citizen Lab, also revealed that an independent peer review of\r\nAmnesty's report said that the forensic methodology is sound and led to additional evidence supporting the report's findings.\r\nCitizen Lab was able to independently observe NSO Pegasus spyware deployed on an iPhone 12 Pro Max running iOS 14.6\r\n(the OS's latest release), hacked via a zero-day zero-click iMessage exploit, which does not require interaction from the\r\ntarget.\r\nThe researchers also discovered zero-click iMessage attacks that led to Pegasus being installed on an iPhone SE2 phone\r\nrunning iOS version 14.4 and an iPhone SE2 device running iOS 14.0.1.\r\n\"The mechanics of the zero-click exploit for iOS 14.x appear to be substantially different than the KISMET exploit for iOS\r\n13.5.1 and iOS 13.7, suggesting that it is in fact a different zero-click iMessage exploit,\" Citizen Lab added.\r\nPegasus is a spyware tool developed by NSO Group and marketed as a surveillance tool \"licensed to legitimate government\r\nagencies for the sole purpose of investigating crime and terror.\"\r\n\"These most recent discoveries indicate NSO Group's customers are currently able to remotely compromise all recent\r\niPhone models and versions of iOS,\" Amnesty International and Forbidden Stories said in their report.\r\nNSO Group spyware used in high-profile attacks\r\nThis is just one of a long string of reports and papers documenting NSO Group's Pegasus spyware being used to spy on\r\nhuman rights defenders (HRDs) and journalists worldwide.\r\nFor instance, two years ago, Facebook sued Israeli cyber-surveillance firm NSO Group and its parent company for creating\r\nand selling a WhatsApp zero-day exploit. 
\r\nThe zero-day exploit was later used to hack and infect the devices of high-profile targets such as government officials,\r\ndiplomats, and journalists with spyware.\r\nResearchers at Citizen Lab revealed in 2018 that they found some Pegasus licensees using it actively for cross-border\r\nsurveillance and in countries with a history of abusive behavior by state security services.\r\nIn collaboration with Microsoft, Citizen Lab also reported last week that they found links between another Israeli\r\nsurveillance firm known as Candiru and new Windows spyware dubbed DevilsTongue deployed on targets' computers via\r\nnow patched Windows zero-day vulnerabilities.\r\n\"Candiru is a secretive Israel-based company that sells spyware exclusively to governments,\" Citizen Lab said. \"Reportedly,\r\ntheir spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.\"\r\nMicrosoft researchers discovered \"at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom,\r\nTurkey, Armenia, and Singapore,\" with the list of victims including \"politicians, human rights activists, journalists,\r\nacademics, embassy workers, and political dissidents.\"\r\nSource: https://www.bleepingcomputer.com/news/security/iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware/"
	],
	"report_names": [
		"iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware"
	],
	"threat_actors": [
		{
			"id": "38f8da87-b4ba-474b-83e6-5b04d8fb384b",
			"created_at": "2024-02-02T02:00:04.032871Z",
			"updated_at": "2026-04-10T02:00:03.532955Z",
			"deleted_at": null,
			"main_name": "Caramel Tsunami",
			"aliases": [
				"SOURGUM",
				"Candiru"
			],
			"source_name": "MISPGALAXY:Caramel Tsunami",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439144,
	"ts_updated_at": 1775826721,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/989cc324c23c862ac8731d21bdb8f104949780e6.pdf",
		"text": "https://archive.orkl.eu/989cc324c23c862ac8731d21bdb8f104949780e6.txt",
		"img": "https://archive.orkl.eu/989cc324c23c862ac8731d21bdb8f104949780e6.jpg"
	}
}