John Scott-Railton

@jsrailton

13 tweets, 3 reads, Apr 12, 2023
NEW INVESTIGATION🚨: exposing zero-click mercenary #spyware company #QuaDream.
Victims include journalists, opposition politicians, an NGO worker...
Many countries w/suspected operators.
THREAD 1/
citizenlab.ca
2/ #QuaDream keeps a low profile & avoids the limelight, unlike its competitor NSO Group (of #Pegasus notoriety).
But it's had some brushes with attention, including about deals & pitches.
And after being called out by @meta for testing on their platforms.
3/ @MsftSecIntel shared #QuaDream samples w/ us @citizenlab. We developed forensic techniques to identify the spyware on iOS devices.
In the binaries we found a fully featured implant that cleans up its own traces.
And we found evidence of suspected zero click exploits...
4/ Alongside our @citizenlab analysis of the spyware, Microsoft Threat Intelligence has a deep dive.
Alongside a whole bunch of additional host & network indicators of compromise for detection.👇
5/ We found clues of QuaDream using #ENDOFDAYS, a possible zero click exploit against #iCal on iOS 14 devices.
Underlines how attackers often prefer to leverage cloud accounts & synchronization services for zero-click #0day targeting.
Here's how to hunt for it.
6/ We aren't naming victims in this initial technical report, but the pattern is familiar to the commercial #spyware industry:
"untraceable" zero-click tool sold to global client list... leads to hacking of opposition members, journalists, NGO workers, and so on.
7/ Fresh reporting by @lorenzofb of @TechCrunch has some juicy details on #QuaDream.
❌Efforts to skirt export regulations
❌Use by 🇲🇽#Mexico & efforts to disguise end user.
Super concerning, an investigation is clearly warranted.
techcrunch.com
8/ Our @citizenlab report has a dive into what we know about #QuaDream & InReach, and the various personalities involved.
Commercial #spyware companies try hard to operate in the shadows.
Pulling back the corporate curtain is a key part of the accountability process.
9/ Takeaway: the commercial #spyware problem is more than just a handful of notorious companies.
We are still seeing only the tip of the mercenary hack-berg.
Collaboration & intel sharing between threat research groups & researchers is essential.
So is continued vigilance.
10/ Looking at #QuaDream through the lens of @POTUS' fresh spyware Executive Order designed to pump the brakes on proliferation, it looks to me like the company would be covered by several provisions.
11/ Great thread by my @citizenlab colleague & lead author @billmarczak on how our investigation unfolded.👇
12/ @citizenlab investigations = team production.
Here are some of the other all stars: Astrid Perry, @nouraaljizawi, @sienaanstis, Zoe Panday, an anonymous researcher, @insyria & @RonDeibert. W/help from @adamsenft, @SnigdhaBee & graphics by @rizhouto.
13/ This #QuaDream investigation would not have happened without the victims & potential targets that got in touch with us and agreed to be checked.
We owe them our gratitude.
Same for the partners & research teams that helped surface potential cases, indicators, or samples.
