A new report in The Guardian has claimed that a new spyware with capabilities similar to those of NSO Group’s Pegasus has emerged and may have already been deployed against journalists and political opposition figures.
The publication stated that researchers at the Citizen Lab at the University of Toronto’s Munk School discovered the spyware, marketed under the name “Reign” and developed by an Israeli company called QuaDream. The company infected victims’ phones by sending the spyware disguised as an iCloud calendar invitation, purportedly at the behest of government clients.
What made the action more potent was the fact that the victim did not even have to click on any malicious link to get infected by the spyware. They were not notified of the calendar invitation as it was sent for events logged in the past – making it a ‘zero-click’ spy attack.
The report added that those infected with ‘Reign’ could have had conversations taking place near the phone recorded, as the spyware could control the system recorder. It could also read messages on encrypted apps, listen to phone conversations and track the user’s location.
Citizen Lab stated that its investigation identified at least five civil society victims of the spyware in North America, Central Asia, Southeast Asia, Europe, and the Middle East. It also listed the locations from which QuaDream systems were operated.
“We detected systems operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.”
The Israeli company may have sold its services to government clients in Saudi Arabia, Mexico, Singapore and Ghana while pitching them to high-level bureaucrats in Indonesia and Morocco, claimed the digital rights group.
Interestingly, QuaDream, founded in 2016, is the brainchild of former NSO employees. However, unlike NSO, QuaDream has a relatively minuscule corporate presence. Its employees have reportedly been instructed not to mention their employer on social media.
The spyware’s ability to pierce Apple’s sophisticated security features has once again cast doubt on the tech giant’s ability to mount a defence against such notorious actors.
In a statement to the publication, Apple said there was no indication that ‘Reign’ had been used since 2021.
“The vast majority of iPhone users will never be the victims of highly targeted cyberattacks and we will work tirelessly to protect the small number of users who are,” the company was quoted as saying by The Guardian.
Nearly two years ago, Forbidden Stories along with Amnesty International and a consortium of journalists from 17 news outlets across the world first exposed Pegasus and its use by various governments across the globe.
Pegasus infiltrated phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras.
NSO is also being sued by Mark Zuckerberg for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with its spyware.