Pegasus

Malware updated 3 days ago (2024-10-15T10:02:09.221Z)
Pegasus is a sophisticated malware developed by the Israeli company NSO Group. It is a zero-click espionage tool that can be deployed without any user interaction, which makes it highly effective and intrusive. The spyware was used to target various individuals, including the Russian journalist Galina Timchenko, through vulnerabilities in Apple's operating system. These "zero-day" flaws were later fixed by Apple as part of its ongoing efforts to secure its devices against such threats. Pegasus has the potential to steal personal information, disrupt operations, and even hold data hostage.

Apple had initiated a lawsuit against NSO Group, accusing it of targeting Apple's devices and users through the development and distribution of Pegasus spyware. The lawsuit included details about NSO Group's FORCEDENTRY exploit, which was used to target multiple users and deliver the latest version of Pegasus. However, Apple later decided to drop the lawsuit, stating that continuing the legal proceedings would require sharing sensitive, proprietary threat intelligence with third parties, potentially weakening its own security defenses.

The use of Pegasus spyware has raised significant concerns globally. For instance, Poland's Constitutional Tribunal found the country's parliamentary commission investigating the use of Pegasus to be unconstitutional. Despite the focus on NSO Group, Apple noted that the commercial spyware sector has become more decentralized, with NSO Group no longer the sole actor in the cyber-espionage space. This suggests that actions against NSO Group alone may inadvertently strengthen other spyware sellers as authoritarian governments pivot from Pegasus to the numerous competing spyware brands.
Description last updated: 2024-10-15T09:17:11.919Z
Aliases: no aliases are currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware
Ios
Malware
NSO Group
Exploit
Zero Day
Whatsapp
Apple
Vulnerability
Exploits
nso
Macos
Encryption
Government
Russia
Google
Android
Tool
Imessage
Kaspersky
State Sponso...
Phishing
European
Eu
Espionage
Cytrox
Ransom
Apt
Chrome
Cybercrime
Ransomware
Windows
Telegram
Scammer
Sextortion
Associated Malware
Alias Description | Association Type | Votes
The Predator Malware is associated with Pegasus. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites a | Unspecified | 7
The Predator Spyware Malware is associated with Pegasus. Predator spyware is a type of malware known for its extensive data-stealing and surveillance capabilities. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold | Unspecified | 2
The Lockbit Malware is associated with Pegasus. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Peach Sandstorm Threat Actor is associated with Pegasus. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover | Unspecified | 2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The Blastpass Vulnerability is associated with Pegasus. Blastpass is a significant software vulnerability that was revealed in September 2023 by Citizen Lab. The flaw, which resides in Apple's software design and implementation, has been exploited by attackers to infiltrate devices with Pegasus spyware. The exploit is particularly potent as it uses a zer | Unspecified | 5
The Pwnyourhome Vulnerability is associated with Pegasus. The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhone | Unspecified | 2
The CVE-2023-41061 Vulnerability is associated with Pegasus. CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery | Unspecified | 2
The CVE-2023-41064 Vulnerability is associated with Pegasus. CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability ( | Unspecified | 2
Source Document References
Information about the Pegasus malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
InfoSecurity-magazine | a month ago
BankInfoSecurity | a month ago
DARKReading | a month ago
BankInfoSecurity | a month ago
InfoSecurity-magazine | a month ago
Securityaffairs | a month ago
InfoSecurity-magazine | a month ago
Securityaffairs | a month ago
DARKReading | a month ago
InfoSecurity-magazine | a month ago
Malwarebytes | a month ago
InfoSecurity-magazine | a month ago
Krebs on Security | a month ago
InfoSecurity-magazine | 2 months ago
Securityaffairs | 2 months ago
DARKReading | 2 months ago
Securityaffairs | 2 months ago
BankInfoSecurity | 10 months ago
CERT-EU | 8 months ago
DARKReading | 7 months ago