Pegasus infection found on Indian journalists’ phones after Apple alert

What’s in today’s article?

• Why in news?
• What is Organised Crime and Corruption Reporting Project (OCCRP)?
• What is Pegasus Spyware?
• What is zero-click exploit?
• News Summary
• What does the report say?

Why in news?

• The Washington Post and Amnesty International report claims that Pegasus spyware targeted journalists in India.
  • This includes the founder editor of The Wire and the South Asia editor of the Organised Crime and Corruption Report Project (OCCRP). 
• The intrusion was detected in October 2023 after Apple warned users, including MPs, of potential ‘state-sponsored attacks’ on their iPhones.

What is Organised Crime and Corruption Reporting Project (OCCRP)?

• About
  • The Organized Crime and Corruption Reporting Project is a global network of investigative journalists with staff on six continents. 
  • Founded in 2006, it specializes in organized crime and corruption. 
  • It publishes its stories through local media and in English and Russian through its website.
• Recent works
  • The entity was involved in the coverage of Pegasus spyware as well as Panama Papers leak.
  • The OCCRP conducted research and published a report on the Adani Group (AG). 

What is Pegasus Spyware?

• About
  • Pegasus is a malware/spyware developed by Israel’s NSO Group. 
  • The spyware suite is designed to access any smartphone through zero-click vulnerabilities remotely. 
  • Once a phone is infiltrated, the spyware can access entire data on that particular phone. 
  • It also has real-time access to emails, texts, phone calls, as well as the camera and sound recording capabilities of the smartphone.
• Working of Pegasus Spyware 

What is zero-click exploit?

• About
  • A zero-click exploit refers to malicious installed on a device without the device owner’s consent. 
  • More importantly, it does not require the device owner to perform any actions to initiate or complete the installation.
• Specific exploit used in the present case involving Indian journalists
  • The specific exploit allegedly in use on the two devices is called BLASTPAST (previously identified as BLASTPASS). 
  • It plays out in two phases. 
  • In the first, the attack attempts to establish a link with the Apple HomeKit - which gives users a way to control multiple smart devices - on the target’s device. 
    • The purpose of the first phase could be to determine how the device can be exploited or to keep it in sight for further exploitation in the future.
  • In the second, some malicious content is sent via the iMessage app to the target.
    • This phase is the one that delivers the full spyware payload.

News Summary

• A new forensic investigation by Amnesty International and The Washington Post has shown the use of the Israeli Pegasus spyware to surveil high-profile Indian journalists.

What does the report say?

• Background
  • The journalists had received an alert from Apple that they were being targeted by state-sponsored hacking.
  • Following which, these journalists provided their phones to Amnesty International’s Security Lab for testing.
• Report
  • At the end of their examination, they reported finding traces of Pegasus’s activity on their respective devices. 
  • Security Lab concluded that a message to facilitate a zero-click exploit had been sent to these phones over his iPhone’s iMessage app.

Q1) What is Blastpass?

Blastpass is a zero-click exploit chain that can compromise iPhones running iOS 16.6 and iPads running iPadOS 16.6. The exploit involves sending malicious images to the victim's iMessage account. 

Q2) What is Amnesty International?

Amnesty International is an international non-governmental organisation focused on human rights, with its headquarters in the United Kingdom.

Source: 

• Pegasus infection found on Indian journalists’ phones after Apple alert: Amnesty International
• Aljazeera
• Indian Express