Journalists hacked with suspected NSO Group iMessage ‘Zero-Click’ Exploit

The Citizen Lab reported that 37 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera and a journalist at London based Al Araby TV were hacked using government operatives by NSO Group’s Pegasus spyware in July and August 2020. The four Pegasus operators that were used reportedly belong to one operator MONARCHY that was attributed to Saudi Arabia and another operator SNEAKY KESTREL that was attributed to the United Arab Emirates (UAE). Based on logs from compromised phones, The Citizen Lab believes that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019. The infrastructure used in these attacks included servers in Germany, France, the UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean.