Pegasus

Malware Profile Updated 21 hours ago
Pegasus is highly sophisticated mercenary spyware developed by the NSO Group and known for its advanced, invasive capabilities. It is often used by governments to target individuals such as journalists, political activists, and other persons of interest. Pegasus is particularly notorious for exploiting zero-day vulnerabilities in mobile devices, including iPhones, which lets it infiltrate a device undetected and perform actions ranging from data theft to operational disruption. The malware drew significant attention when zero-day vulnerabilities were exploited to deliver it onto Apple devices; Apple later addressed and fixed those vulnerabilities. In one notable incident, the iPhone of a Russian journalist was found to be infected with Pegasus. Similarly, Amnesty International reported the presence of Pegasus on the iPhones of several Indian journalists, highlighting the global reach and potential impact of this spyware. The NSO Group faced legal repercussions when a U.S. judge ordered it to hand over the Pegasus spyware code to WhatsApp, part of Meta Platforms Inc. (formerly Facebook Inc.), as part of ongoing efforts to curb the misuse of such powerful tools. Despite these measures, NSO Group's Pegasus remains one of the leading mercenary spyware products, showing consistent tactics, techniques, and procedures over time. To protect users against such threats, Apple periodically sends out threat notifications and has published guidance on protecting against mercenary spyware like Pegasus, although it does not disclose the criteria for sending these notifications so as not to aid potential attackers.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Devilstongue | 1 | None
Hermit | 1 | Hermit is a malicious software (malware) linked to North Korea, also known as the "Hermit Kingdom" due to its isolationist policies. This malware, along with others like Pegasus and DevilsTongue, targeted Apple users leading to a wave of sophisticated attacks in July 2022. In response, Apple develop
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware, iOS, NSO Group, Exploit, Zero Day, Malware, WhatsApp, Apple, Vulnerability, NSO, Exploits, Russia, iMessage, macOS, Encryption, Android, Google, Government, Telegram, Cybercrime, Phishing, Espionage, European, Ransomware, Cytrox, State Sponso..., APT, Ransom, Chrome, Kaspersky, Palestine, Israel, Iran, France, CISA, Signal, Trafficking, AWS, Bitcoin, Known Exploi..., Operation Tr..., Jamf, Rootkit, Azure, Defence, GitHub, GBHackers, DDoS, Backdoor, Implant, Facebook, Israeli, NCSC, India, Microsoft, EU, Tool, Governments, FBI, UK, Ivanti, French, Intellexa, Australia, Operation Me..., ESXiArgs, Germany, Meduza, Linux, Kubernetes, Remote Code ..., Windows, Firefox, Acrobat
Associated Malware
ID | Type | Votes | Profile Description
Predator | Unspecified | 7 | Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a
Lockbit | Unspecified | 2 | LockBit is a type of malware, specifically ransomware, that has been implicated in a series of high-profile cyber attacks on various organizations worldwide. The LockBit ransomware gang infiltrates systems often through suspicious downloads, emails, or websites, and once inside, it can steal persona
3am | Unspecified | 1 | 3AM is a new and sophisticated ransomware family that has recently emerged in the cyber threat landscape. The malware, known for its malicious intent to exploit and damage computer systems, operates by infiltrating the target infrastructure through suspicious downloads, emails, or websites. Once ins
TrickBot | Unspecified | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked
Hijackloader | Unspecified | 1 | HijackLoader is a new form of malware that is gaining rapid popularity within the cybercrime community. This malicious software, like others of its kind, is designed to infiltrate computer systems and devices, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once ins
Ghostsec | Unspecified | 1 | GhostSec is a malicious software (malware) identified as a significant cybersecurity threat. This harmful program, designed to exploit and damage computers or devices, infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal pe
TriangleDB | Unspecified | 1 | TriangleDB is a sophisticated malware implant targeting iOS devices, discovered as part of a likely state-sponsored cyber-espionage campaign named Operation Triangulation. The malware was first disclosed by Kaspersky researchers in June, revealing its deployment through a new zero-click iOS attack.
Rhysida Ransomware | Unspecified | 1 | Rhysida ransomware is a type of malicious software that has been implicated in a series of high-profile cyber attacks. This malware infiltrates systems via suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for
Zeus | Unspecified | 1 | Zeus is a type of malware, short for malicious software, designed to infiltrate and damage computer systems. It can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Zeus can steal personal information, disrupt operations, or even hold
Predator Spyware | Unspecified | 1 | Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe
Snake Malware | Unspecified | 1 | The infamous Snake malware, a complex and destructive tool utilized by Pensive Ursa, became the target of a significant cybersecurity operation in May 2023. Detailed in a CISA report, the Snake malware was known to infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst t
Associated Threat Actors
ID | Type | Votes | Profile Description
Peach Sandstorm | Unspecified | 2 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag
Confucius | Unspecified | 1 | Confucius is a threat actor primarily involved in cyberespionage campaigns, with notable activities against Pakistan since 2013. The group has been linked to the India-Pakistan conflict and has been identified as using novel Android spyware, Hornbill and SunBird, to scrape call logs and WhatsApp mes
Anonymous Sudan | Unspecified | 1 | Anonymous Sudan, a threat actor group known for its malicious cyber activities, has recently been the subject of increased attention in the cybersecurity industry. This entity, which could consist of a single individual, a private company, or part of a government organization, is responsible for exe
Charming Kitten | Unspecified | 1 | Charming Kitten, an Iranian Advanced Persistent Threat (APT) group, also known as ITG18, Phosphorous, and TA453, is a significant cybersecurity threat. This threat actor has been associated with numerous malicious activities, exhibiting advanced and sophisticated social-engineering efforts. The grou
Rhysida | Unspecified | 1 | Rhysida, a ransomware-as-a-service (RaaS) group, emerged as a significant threat actor in May 2023. Initially targeting Windows, it later expanded its operations to Linux systems. The group is known for its distinct attack methodology that involves defense evasion, exfiltration of data for ransom, a
Redfly | Unspecified | 1 | RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan
Tornado Cash | Unspecified | 1 | Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h
Snake | Unspecified | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg
Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Blastpass | Unspecified | 5 | Blastpass is a significant software vulnerability that was revealed in September 2023 by Citizen Lab. The flaw, which resides in Apple's software design and implementation, has been exploited by attackers to infiltrate devices with Pegasus spyware. The exploit is particularly potent as it uses a zer
CVE-2023-41061 | Unspecified | 2 | CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery
Pwnyourhome | Unspecified | 2 | The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhone
CVE-2023-41064 | Unspecified | 2 | CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (
Repojacking | Unspecified | 1 | Repojacking is a software vulnerability that specifically targets repositories on platforms such as GitHub. This flaw in software design or implementation can lead to unauthorized access and manipulation of repositories, potentially leading to data breaches, codebase corruption, or dissemination of
Latentimage | Unspecified | 1 | LatentImage is a software vulnerability discovered by Citizen Lab, identified as the third zero-click exploit used by NSO Group in 2022. This flaw was found on a single target's phone and is believed to be the first new exploit deployed by the NSO Group that year. Similar to two other exploits uncov
CVE-2023-4863 | Unspecified | 1 | CVE-2023-4863 is a critical vulnerability that has been identified in various major software applications, including Microsoft Windows and Server, Microsoft Edge, Microsoft Office, Word and 365 Apps, Google Chrome, Mozilla Firefox and Thunderbird, and the libwebp library used for handling WebP bitma
CVE-2023-5217 | Unspecified | 1 | CVE-2023-5217 is a high-severity zero-day vulnerability identified within the VP8 encoding of the open-source libvpx video codec library utilized by Google Chrome. The flaw, a heap buffer overflow, was capable of causing application crashes or allowing arbitrary code execution, thereby making it a s
CVE-2021-30860 | Unspecified | 1 | None
CVE-2023-41990 | Unspecified | 1 | None
CVE-2023-23529 | Unspecified | 1 | CVE-2023-23529 is a critical vulnerability identified within Apple's WebKit, a browser engine used in its popular devices including iPhones, iPads, and Macs. This flaw, discovered and addressed in February 2023, was a zero-day vulnerability, meaning it was actively exploited by hackers before Apple
CVE-2023-35078 | Unspecified | 1 | CVE-2023-35078 is a critical authentication bypass vulnerability in the Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This flaw, identified as a remote unauthenticated API access vulnerability, affects supported EPMM versions 11.10, 11.9, and 11.8. It was first publicized
Findmypwn | Unspecified | 1 | FINDMYPWN is a zero-click exploit that was used against iOS 15 starting from June 2022. This two-step vulnerability targets the iPhone's Find My feature and iMessage, allowing for unauthorized access and control of the device. It has been observed being deployed as zero-days against iOS versions 15.
Source Document References
Information about the Pegasus malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a day ago | Security Affairs Malware Newsletter - Round 2
Malwarebytes | 3 days ago | iPhone users in 98 countries warned about spyware by Apple | Malwarebytes
DARKReading | 4 days ago | Apple Warns iPhone Users in 98 Countries of More Spyware Attacks
Recorded Future | 6 days ago | Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
Securityaffairs | 8 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 15 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine | 21 days ago | Polish Prosecutors Step Up Probe into Pegasus Spyware Operation
Securityaffairs | 22 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securelist | a month ago | Malware report Q1 2024 – quarter review
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine | 2 months ago | Fake Pegasus Spyware Strains Populate Clear and Dark Web
DARKReading | 2 months ago | Tech Companies Promise Secure by Design Products
Securityaffairs | 2 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 3 months ago | US Gov Slaps Visa Restrictions on Spyware Honchos
Securityaffairs | 3 months ago | U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 3 months ago | Apple Warns Users Targeted by Mercenary Spyware
Malwarebytes | 3 months ago | Apple warns people of mercenary attacks via threat notification system | Malwarebytes