Posted on Leave a comment

Zero-Click Exploit Was Used To Target Bahrain Activists.

A recent news released today in Citizen Lab that numerous Bahraini activists and political party  had hacked the iPhones of a new zero-click exploited since at least February of this year and they deliver spyware of the NSO group of Bahraini’s device by activists.

FORCEDENTRY was one of the the achievement for  several offensive tools that Pegasus, a monitoring programme developed by the NSO Group, utilised to infect devices.

Citizen Lab at the University of Toronto reported  that it connected the latest iOS exploit to NSO Group, a well-known Israeli corporation specialising in offensive hacking and monitoring technology.

zero-click exploit phishing

They targeted the devices of atleast nine Bahraini activists,

TargetDescriptionDate(s) of Hacking
Moosa Abd-Ali *Activist(Sometime before September 2020)
Yusuf Al-JamriBlogger(Sometime before September 2019)
Activist AMember of WaadSeptember 16, 2020
Activist B *Member of Waad, Labor Law ResearcherJune 3, 2020 July 12, 2020 July 19, 2020 July 24, 2020 August 6, 2020 September 15, 2020
Activist CMember of WaadSeptember 14, 2020
Activist D *Member of BCHRSeptember 14, 2020
Activist EMember of BCHRFebruary 10, 2021
Activist F *Member of BCHRJuly 11, 2020 July 15, 2020 July 22, 2020 October 13, 2020
Activist G *Member of Al Wefaq(Sometime before October 2019)

The researchers reported that they passed through three different Stages as,

  1. July – September 2020: Victims were hacked using an older zero-click iOS exploit chain known as KISMET, known to work on older iOS versions up to v14.x.
  2. September 2020: After the release of iOS 14.0, the attackers returned to using one-click iOS exploits, where the victim had to click on a link received inside an iMessage text.
  3. February 2021 – July 2021: Attacks switched to using the new FORCEDENTRY zero-click exploit since it allowed the threat actor to target devices running iOS 14.x versions.

Citizen Lab states ” The analysis published by Citizen Lab “We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. Some of the activists were hacked using two zero-click iMessage exploits: the2020Kismet exploit and a 2021 exploit that we call Forcedentry” .

try is an exploit of zero clicks  to infect a device if an attacker receives the malicious text Message, even without a connection or a message view.

Both Amnesty and Citizen Lab told the security team of Apple that they had made an inquiry.The findings on this research reported that  NSO Group as a corporation that has no hesitation in selling surveillance equipment to oppressive governments who abuse it, instead of combating crime and terrorism, to spy on critics, journalists and political competitors.

While NSO Group regularly attempts to discredit reports of abuse,, their list of customers contains a large number of  users of monitoring technologies. Pegasus’s sale to Bahrain was notably slight, considering that Bahrain’s serial misuse of supervisory products including Trovicor, FinFisher, Cellebrite and, recently, NSO Group were considerable, proven and documented. We think that blocking iMessage and FaceTime could have avoided the particular attacks that we mentioned in this report. However, other chat applications, like WhatsApp, were successfully used by NSO Group in the past to delivers malware. Thus, iMessage and FaceTi disable”. Reads the blogpost.

Experts advocate disabling iMessage and FaceTime to avoid attacks, but sophisticated  malware such as NSO group has many more advantages in the hacking activities.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply