There was evidence of infection in at least 35 individuals, with 16 of them having their data stolen from their phones. The threat actors were said to have used two zero-day iOS exploits, which gave them access to the targets' devices and let them snoop on them.
Pegasus Spyware Infecting El Salvadorans
The infamous Pegasus spyware from NSO Group has a long list of allegations against it. The Israeli spyware company has been in the news before for selling its spyware to several governments to spy on local activists and journalists. Now it is once again facing a similar accusation, this time in El Salvador.

In a two-year investigation, researchers from the University of Toronto's Citizen Lab and Access Now found Pegasus infections in several El Salvadorans, most of them belonging to the country's government and journalists. In more detail, the report stated that 35 individuals were infected across 37 devices, with 16 of them having their sensitive data stolen from their phones through mobile data! Overall, 226 intrusions were spotted, with access to messages, calls, and all content stored on the targets' devices.

This was done through two zero-click bugs: an iMessage Kismet exploit and a ForcedEntry exploit. The former was earlier sold by NSO Group to target Al Jazeera employees, which prompted Apple to patch it in iOS 14. The latter (ForcedEntry) was also acknowledged by Apple, which notified its users of potential state-sponsored hacking.

The report from Citizen Lab said several Salvadorans were infected with these exploits. El Faro, a local newspaper, said some of its employees were infected with Pegasus spyware, and also stated that some members of El Salvador's government have been targeted too. The aim was to track President Nayib Bukele's activities and talks with the local gangs and ministers regarding the nation's governance and policies.