This is the first time that anyone has uncovered such an attack in the wild. Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars. After the researchers alerted Apple, the company worked quickly to fix the bugs in an update released on Thursday.
The question is, who was behind the attack and what did they use to pull it off?
It appears that the company that provided the spyware and the zero-day exploits to the hackers targeting Mansoor is a little-known Israeli surveillance vendor called NSO Group, which Lookout's vice president of research Mike Murray labeled as "basically a cyber arms dealer."
"One of the most sophisticated pieces of cyberespionage software we've ever seen."
The researchers at Citizen Lab and Lookout were impressed by this new, never-before-seen type of malware.
A short profile in 2014, published in The Wall Street Journal, reported that NSO had peddled its product to the Mexican government, and had even drawn the interest of the CIA. Its spyware, according to the article, was sold all over the world.
Now that its spyware has been exposed, and its zero-days have been burned, NSO perhaps can't claim to be a ghost anymore, although the company could very well have other zero-days and tools up its sleeve. That's why the researchers don't expect their reports, and Apple's patch, to hit the brakes on the activities of NSO for long.
"We're not going to put NSO out of business by patching these vulnerabilities," Murray said.
Moreover, the malware is programmed with settings that go all the way back to iOS 7, which indicates that NSO has likely been able to hack iPhone devices since the iPhone 5.
"We're a complete ghost."
Cabrera was targeted with NSO malware last year for the first time, and again as recently as May of this year. In the latest round of attacks, hackers tried to lure him to click on a series of messages offering government corruption revelations, warning of a charge of $500 on his phone bill, and even promising an adult video that would prove his wife cheated on him. He said he never clicked on any of the links the hackers sent him.
"It's clear that they wanted me to click," Cabrera told Motherboard. "You could even say they were desperate."