
US Judge Orders NSO Group to Hand Over Pegasus Source Code to Meta

Recently, a U.S. judge ordered NSO Group, an Israeli vendor, to provide its source code for Pegasus and other remote access trojans to Meta. This is part of Meta's ongoing lawsuit against NSO Group. The decision is a significant legal victory for Meta, which filed the lawsuit in October 2019, accusing NSO Group of using its infrastructure to distribute Pegasus to around 1,400 mobile devices between April and May 2019, including those of two dozen Indian activists and journalists.

The attacks exploited a zero-day flaw in the instant messaging app, CVE-2019-3568 (CVSS score 9.8), a critical buffer overflow bug in the voice call functionality. Pegasus could be delivered just by placing a call, even if the call went unanswered. The attack chain also included steps to erase incoming call information from the logs to avoid detection.

According to court documents released last month, NSO Group has been asked to provide information regarding the full functionality of the relevant spyware for one year before and after the alleged attack, from April 29, 2018, to May 10, 2020. However, the company is not required to provide specific information regarding the server architecture at this time, as WhatsApp would be able to obtain the same information from the full functionality of the alleged spyware. NSO Group has also been allowed to keep the identities of its clientele a secret.

Donncha Ó Cearbhaill, the head of the Security Lab at Amnesty International, expressed disappointment that NSO Group is still allowed to keep secret the identities of its clients, who are responsible for the unlawful targeting.

In 2021, NSO Group was sanctioned by the U.S. for developing and supplying cyber weapons to foreign governments that maliciously targeted officials, journalists, businesspeople, activists, academics, and embassy workers.

On the other hand, Meta faces mounting scrutiny from privacy and consumer groups in the European Union over its “pay or okay” subscription model, which they say is a Hobson's choice between paying a “privacy fee” and consenting to be tracked by the company. They argue that this imposes a business model in which privacy becomes a luxury rather than a fundamental right, directly reinforcing existing discriminatory exclusion from access to the digital realm and control over personal data, and undermining GDPR.

In addition, a threat intelligence firm, Recorded Future, recently uncovered a new multi-tiered delivery infrastructure associated with Predator, a mercenary mobile spyware managed by the Intellexa Alliance. The infrastructure network is highly likely associated with Predator customers, including those in Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. It's worth noting that until now, no Predator customers within Botswana and the Philippines had been identified.

Recorded Future also highlighted that Predator operators tend to respond to public reporting by tweaking certain aspects of their infrastructure. Still, they seem to persist with minimal changes to their modes of operation. These include consistent spoofing themes and focusing on organizations like news outlets while adhering to established infrastructure setups.

Sekoia, in its report about the Predator ecosystem, mentioned that it found three domains likely related to customers in Botswana, Mongolia, and Sudan. It also detected a significant increase in generic malicious domains that do not give indications of targeted entities and possible customers.
