Pegasus

Malware updated 9 days ago (2024-10-15T10:02:09.221Z)

Download STIX

Preview STIX

Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina Timchenko, through vulnerabilities in Apple's operating system. These "zero-day" flaws were later fixed by Apple as part of their ongoing efforts to secure their devices against such threats. Pegasus has the potential to steal personal information, disrupt operations, and even hold data hostage. Apple had initiated a lawsuit against NSO Group, accusing them of targeting Apple's devices and users through the development and distribution of Pegasus spyware. The lawsuit included details about NSO Group’s FORCEDENTRY exploit, which was used to target multiple users and deliver the latest version of Pegasus. However, Apple later decided to drop its lawsuit, stating that continuing with the legal proceedings would require sharing sensitive, proprietary threat intelligence data with third parties, potentially risking its own security defenses. The use of Pegasus spyware has raised significant concerns globally. For instance, Poland's Constitutional Tribunal found the country's parliamentary commission investigating the use of Pegasus to be unconstitutional. Despite the focus on NSO Group, Apple noted that the commercial spyware sector has become more decentralized, with NSO Group no longer being the sole actor in the cyber-espionage space. This suggests that actions against NSO Group alone may inadvertently strengthen other spyware sellers as authoritarian governments pivot from Pegasus to numerous competing spyware brands.

Description last updated: 2024-10-15T09:17:11.919Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Spyware

Ios

Malware

NSO Group

Exploit

Zero Day

Apple

Vulnerability

Exploits

nso

Macos

Encryption

Government

Russia

Google

Android

Tool

Imessage

Kaspersky

State Sponso...

Phishing

European

Espionage

Cytrox

Ransom

Apt

Chrome

Cybercrime

Ransomware

Windows

Scammer

Sextortion

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Predator Malware is associated with Pegasus. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites a	Unspecified	7
The Predator Spyware Malware is associated with Pegasus. Predator spyware is a type of malware known for its extensive data-stealing and surveillance capabilities. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold	Unspecified	2
The Lockbit Malware is associated with Pegasus. LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It typically enters through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Peach Sandstorm Threat Actor is associated with Pegasus. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The Blastpass Vulnerability is associated with Pegasus. Blastpass is a significant software vulnerability that was revealed in September 2023 by Citizen Lab. The flaw, which resides in Apple's software design and implementation, has been exploited by attackers to infiltrate devices with Pegasus spyware. The exploit is particularly potent as it uses a zer	Unspecified	5
The Pwnyourhome Vulnerability is associated with Pegasus. The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhone	Unspecified	2
The CVE-2023-41061 Vulnerability is associated with Pegasus. CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery	Unspecified	2
The CVE-2023-41064 Vulnerability is associated with Pegasus. CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (	Unspecified	2

Source Document References

Information about the Pegasus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a month ago	Google Street View Images Used For Extortion Scams
BankInfoSecurity	a month ago	Apple Moves to Dismiss Suit Against Spyware Firm NSO Group
DARKReading	a month ago	Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets
BankInfoSecurity	a month ago	More US Sanctions Against Predator Spyware Maker Intellexa
InfoSecurity-magazine	a month ago	Apple to Drop Spyware Lawsuit Over Security Concerns
Securityaffairs	a month ago	Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
InfoSecurity-magazine	a month ago	Poland’s Supreme Court Blocks Pegasus Spyware Probe
Securityaffairs	a month ago	Predator spyware operation is back with a new infrastructure
DARKReading	2 months ago	Commercial Spyware Use Roars Back Despite Sanctions
InfoSecurity-magazine	2 months ago	Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
Malwarebytes	2 months ago	“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home \| Malwarebytes
InfoSecurity-magazine	2 months ago	Civil Rights Groups Call For Spyware Controls
Krebs on Security	2 months ago	Sextortion Scams Now Include Photos of Your Home
InfoSecurity-magazine	2 months ago	Russian Hackers Use Commercial Spyware Exploits to Target Victims
Securityaffairs	2 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
DARKReading	3 months ago	Sophisticated Android Spyware Targets Users in Russia
Securityaffairs	3 months ago	security-affairs-malware-newsletter-round-5
BankInfoSecurity	a year ago	New iPhone Exploit Technique Evades Lockdown Mode Function
CERT-EU	8 months ago	Tainted NSO Group gets involved in another data privacy controversy
DARKReading	8 months ago	Patch Now: Apple Zero-Day Exploits Bypass Kernel Security