MERCENARY MAYHEM
A technical analysis of Intellexa's PREDATOR spyware - 2023 https://blog.talosintelligence.com/mercenary-intellexa-predator/
Spyware suppliers take great care to make the final payloads difficult to detect, obtain, analyze and protect against by creating deployment sequences that often require little or no user interaction. The delivery mechanism is usually an exploit chain that can start with a zero-click exploit, like #FORCEDENTRY, which is produced by Israeli spyware firm #NSO Group, or with a link that the victim is tricked into clicking (i.e., a "one-click" exploit), like the one created by the surveillance company Cytrox to deploy their own spyware known as "PREDATOR." (Note: #Cytrox is owned by Intellexa, which sells the #PREDATOR spyware.)
#spyware #israel
Forwarded from Pegasus NSO & other spyware
Dissecting TriangleDB, a Triangulation spyware implant | Securelist - June 2023
#FORCEDENTRY #Ios #TriangleDB
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest of the chain and obtaining the final spyware payload. In 2021, analysis of iTunes backups helped to discover an attachment containing the FORCEDENTRY exploit. However, during post-exploitation, the malicious code downloaded a payload from a remote server that was not accessible at the time of analysis. Consequently, the analysts lost "the ability to follow the exploit."
#FORCEDENTRY #Ios #TriangleDB