Jake Trujillo
Apr 30, 2024
Latest Headline
The notoriety of Pegasus spyware continues as new instances of its misuse come to light across the globe. In April 2024, millions of Apple users across 92 countries were warned about what Apple referred to as "mercenary spyware attacks."
These attacks are believed to be highly complex and expensive, often linked to state actors or private companies creating spyware for governments, with Pegasus from NSO Group cited as an example.
Key Points:
- Initially released in 2016
- Developed by Israeli firm NSO Group
- Intended for national security use, but often used for more nefarious purposes by a variety of actors
- 32 IOCs as of publication
Fletch is constantly monitoring the threat landscape. The data in this guide is most up to date as of publication.
Pegasus Spyware Summary
Pegasus spyware was developed by the Israeli firm NSO Group, which marketed it to governments worldwide, claiming it serves to fight crime and terrorism. However, Pegasus allows for deep surveillance, such as accessing SMS messages and emails, and even activating cameras and microphones without the user's consent.
The tool has been implicated in numerous cases of misuse, ranging from spying on political opponents to tracking journalists and activists, which contrasts starkly with its intended use for national security.
Severity: Low
Maturity: Mainstream
IOCs: 28 malware hashes and 4 vulnerabilities
Targets: 8 tech targets, 4 industry targets, and 30 geo targets
Pegasus Spyware Victims and Motivations
Prominent cases of Pegasus misuse include targeting politicians in Poland, human rights activists in Jordan, and journalists globally.
In Poland, former government officials faced charges for using Pegasus to spy on political adversaries from 2017 to 2022. In Jordan, human rights groups reported that Pegasus had been used since 2019 to suppress freedom of expression and monitor activists and journalists critical of the government.
These incidents illustrate a pattern of using Pegasus for political repression rather than for public safety.
Pegasus Spyware Tactics
Pegasus spyware infiltrates devices silently through sophisticated exploitation tactics, often requiring no action from the target. Its stealth and ability to access a wide array of personal data make it one of the most powerful and invasive spyware tools available. Despite NSO Group's claims of strict controls, the spyware's use has frequently deviated from lawful boundaries, leading to significant privacy violations.
Mitigation Advice
At the time of publication, this was the mitigation advice against Pegasus:
Short-Term:
- Limit App Permissions: Review and limit the permissions granted to apps, especially those that request access to sensitive data or functions.
- Update Devices: Ensure all Apple devices are running the latest version of iOS to benefit from the latest security patches.
Long-Term:
- Enable Two-Factor Authentication (2FA): Turn on 2FA for Apple IDs to add an extra layer of security against unauthorized access.
Takeaway
The ongoing use of Pegasus highlights the critical challenges at the intersection of technology, ethics, and human rights. With governments and private entities capable of exploiting such tools under the radar, the international community faces pressing calls for stricter regulations and transparency to prevent abuse. Vigilance and robust cybersecurity measures are essential to protect individuals from unauthorized surveillance and uphold the integrity of global digital rights.
Pegasus is just one example of an ever-evolving threat that requires in-depth cyber intelligence to stay on top of. Fletch helps you keep track of and prioritize them all.
As the de facto record on the threat landscape, our AI engine is constantly scanning and indexing the threat landscape for you so you can plug the gaps in your security. You can use Fletch to prioritize your alerts, detect threats to your tech and people early, or simply to become an instant expert on any threat at any time.