© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Thai pro-democracy activists targeted with Pegasus spyware

Several Thai citizens were hit by Pegasus spyware in what appears to be “an extensive espionage campaign” against the local democracy movement.

On November 23, 2021, a number of people received notifications from Apple that they were targeted by state-backed attacks with mercenary spyware – specifically, with NSO Group’s Forcedentry exploit.

Researchers at the University of Toronto's Citizen Lab have concluded with high confidence that victims were affected by Pegasus software, identifying at least 30 impacted human rights activists, protesters, and political leaders. The infections took place from October 2020 to November 2021, during the peak of the pro-democratic campaign.

Many of the victims have been previously prosecuted by the Thai government, while others were not involved in the protests. This likely illustrates the goal of learning more about the structure of the opposition.

Based on further investigation, during the early stages of the attacks in 2020, the Kismet zero-click exploit was used, primarily against out-of-date phones. Malicious image files were sent to the phones and executed a WebKit instance. Certain Apple software versions, such as iOS 14, seem to be protected against this exploit.

Later, in February 2021, the Forcedentry exploit was primarily used, delivered via iMessage. It sent malicious PDF files with JBIG2 streams, named using the “.gif” extension, which hijacked control of the JBIG2 parser and downloaded a payload.
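A triage check for the delivery pattern described above (a PDF carrying a JBIG2 stream under a “.gif” name), as an added example that is not code from Citizen Lab or this article. The function names and sample bytes are constructed for illustration.

```python
import re

# Magic-byte signatures for the two formats the article mentions.
GIF_MAGICS = (b"GIF87a", b"GIF89a")
PDF_MAGIC = b"%PDF-"

# A PDF name token: "/" followed by regular characters; "#xx" is a hex escape.
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def sniff_type(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the file name."""
    if data[:6] in GIF_MAGICS:
        return "gif"
    # PDF readers tolerate junk before the header, so search the first 1 KiB.
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def pdf_names(data: bytes) -> set:
    """Return PDF name tokens with #xx escapes decoded (e.g. /JBIG2#44ecode)."""
    def unescape(match):
        return bytes([int(match.group(1), 16)])
    return {HEX_ESC.sub(unescape, name) for name in NAME_RE.findall(data)}


def triage(filename: str, data: bytes) -> list:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(data)
    if ext == "gif" and actual != "gif":
        findings.append(f"extension .gif but content is {actual}")
    if actual == "pdf" and b"JBIG2Decode" in pdf_names(data):
        findings.append("PDF contains a JBIG2Decode stream filter")
    return findings


# Constructed sample inputs (not real captures).
SAMPLE_PDF_AS_GIF = (b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2#44ecode /Length 0 >>\n"
                     b"stream\nendstream\nendobj\n")
SAMPLE_REAL_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"

if __name__ == "__main__":
    for name, blob in [("a.gif", SAMPLE_PDF_AS_GIF), ("b.gif", SAMPLE_REAL_GIF)]:
        print(name, triage(name, blob) or "clean")
```

Filter names stored inside compressed object streams are not visible to this byte-level scan, so an empty result is not proof of absence.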

The researchers do not conclusively attribute the attack to a single state actor. However, they claim that much evidence points toward the Thai government, including the victims themselves being Thai, their political affiliations, as well as the timing of the attacks.

“Conducting such an extensive hacking campaign against high profile individuals in another country is risky and runs the possibility of discovery, especially given the well-known previous cases where Pegasus infections were publicly discovered and publicly disclosed,” they explain.
