Pegasus spyware targeting human rights activists in 45 countries

by Julie Splinters

Infamous Pegasus spyware targets phone users in 45 countries

Numerous countries affected by Pegasus spyware

Security researchers have conducted an extensive three-year investigation tracking down the infamous Pegasus malware, which exclusively targets iPhone and Android devices. According to the findings, the malicious payload spread across 45 countries, six of which used spyware to abuse human rights in the past.

Pegasus spyware originated in 2016[1] and was created by the Israel-based security firm NSO Group.[2] The malicious software was sold to oppressive governments as a “lawful intercept” tool to spy on journalists, human rights activists, political opposition, etc. However, research showed that the malware was also spotted in the US, UK, Canada, France, and other developed democratic countries.

Not only did the propagation of Pegasus increase over time; experts also found that the number of servers associated with the malware increased dramatically:

The number of Pegasus servers we detected in our scans ballooned from about 200 in 2016 to almost 600 in 2018. This may be an indication that NSO Group is scaling up their operations.

Pegasus is a sophisticated spyware-type program which is capable of a wide range of malicious activities, including recording calls, reading texts, stealing photos, tracking victims' location, and much more.[3]

Spyware spreads widely nowadays and will be active in the future

Since its first malicious activity in 2016, Pegasus spyware has spread widely across numerous countries worldwide. This dangerous malware is not being used for good purposes but for attacks on human rights. According to researchers from The Citizen Lab, abusive use of Pegasus has increased lately, but there were also some countries that have misused this spyware program in the past:[4]

At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.

Furthermore, Pegasus spyware was also used to attack human rights in Mexico in 2017. People, including even young children, were tricked into believing that all this activity was promoted by the trusted government. However, this dangerous malware ended up affecting the population. Some of the people were even well-known lawyers and journalists.

However, expectations for the future are not as bright as people might want them to be. Due to the excessive propagation of spyware, such attempts might still be very common in the future unless the governments of particular countries take action against the spyware industry and strictly regulate it:

Civil society will increasingly find itself the target of this type of sophisticated surveillance unless the governments better regulate the spyware industry

NSO denied all allegations

In addition, researchers have informed numerous users that Pegasus and other spyware-related programs are spread through exploit kits with the help of phishing techniques. According to the research, over a thousand IPs and domain names belonging to the Pegasus spyware and its C2 servers were found in the past two years.

However, researchers have come up with an interesting technique which allows them to identify the locations in which various operators are spying by misusing the Pegasus spyware program:

We designed and conducted a global DNS cache probing study on the matching domain names in order to identify in which countries each operator was spying. Our technique identified a total of 45 countries where Pegasus operators may be conducting surveillance operations. At least 10 Pegasus operators appear to be actively engaged in cross-border surveillance.
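
As an added illustration (not code from the article or from the Citizen Lab study), the sketch below shows one common form of DNS cache probing as a network defender would run it against their own resolver: a query with the recursion-desired bit cleared is answered only from cache, so an answer means some client recently resolved the name. The domain `indicator.example`, the function names and the sample responses are constructed assumptions; the researchers' actual tooling is not described on this page.

```python
import struct

def build_probe(name: str, txid: int) -> bytes:
    """DNS A query with RD cleared: the resolver must answer from cache only."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags=0 -> RD=0
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes
            return off + 2
        off += 1 + n

def classify(resp: bytes, txid: int):
    """Return (verdict, remaining_ttl) for a reply to a non-recursive probe."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or not a response
        return ("invalid", None)
    if flags & 0x000F:                     # e.g. REFUSED: probing not allowed
        return ("error", None)
    if flags & 0x0400:                     # AA set: zone data, not cache state
        return ("authoritative", None)
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    ttls = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        if rtype == 1:
            ttls.append(ttl)
    # A low remaining TTL relative to the record's original TTL means an older lookup.
    return ("cached", min(ttls)) if ttls else ("not_cached", None)

def sample_response(query: bytes, ttl=None, flags=0x8080) -> bytes:
    """Constructed reply for offline testing; 192.0.2.1 is a documentation address."""
    hdr = query[:2] + struct.pack("!HHHHH", flags, 1, 0 if ttl is None else 1, 0, 0)
    rr = b"" if ttl is None else (
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1]))
    return hdr + query[12:] + rr
```

A "cached" verdict on an indicator domain is a lead for reviewing resolver query logs, not proof of infection, since any lookup of the name populates the cache.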

Even though the malware spread worldwide and had a big impact on people in numerous countries, NSO has stated that the blame should not be put on them, as there are very few NSO-related operations active in the countries that were affected by Pegasus spyware:[5]

There are multiple problems with Citizen Lab’s latest report. Most significantly, the list of countries in which NSO is alleged to operate is simply inaccurate. NSO does not operate in many of the countries listed. The product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside of approved countries.

All in all, we can reach various conclusions and debate who is guilty, but the most important thing is to prevent such Pegasus infiltration in the future. We need to hope that governments will decide to regulate the spyware industry and that such attempts will decrease slightly in the near future.

About the author

Julie Splinters - Malware removal specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor's degree was in English Philology.


References