Pegasus
Description
(Citizen Lab) Israel-based “Cyber Warfare” vendor NSO Group produces and sells a mobile phone spyware suite called Pegasus. To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. Once the phone is exploited and Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
Names
| Name |
|---|
| Pegasus |
| Q Suite |
| Chrysaor |
| JigglyPuff |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Info stealer
- Credential stealer
- Exfiltration
Information
- https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/
- https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
- https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html
- https://media.ccc.de/v/33c3-7901-pegasus_internals
- https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/
- https://citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/
- https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware
- https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
- https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
- https://www.trendmicro.com/en_us/research/21/i/analyzing-pegasus-spywares-zero-click-iphone-exploit-forcedentry.html
- https://www.bbc.co.uk/news/world-middle-east-58814978
- https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/
- https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/
- https://www.frontlinedefenders.org/en/statement-report/statement-targeting-palestinian-hrds-pegasus
- https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
- https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/
- https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
- https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
- https://www.amnesty.org/en/latest/news/2022/01/el-salvador-pegasus-spyware-surveillance-journalists/
- https://therecord.media/finland-says-it-found-nsos-pegasus-spyware-on-diplomats-phones/
- https://www.securityweek.com/new-report-alleges-widespread-pegasus-spying-israel-police
- https://www.reuters.com/technology/how-saudi-womans-iphone-revealed-hacking-around-world-2022-02-17/
- https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/
- https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
- https://therecord.media/spyware-attack-targeted-spanish-prime-ministers-phone/
- https://www.securityweek.com/dutch-used-pegasus-spyware-most-wanted-criminal-report
- https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
- https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/
- https://www.reuters.com/world/europe/polish-mayor-targeted-by-pegasus-spyware-media-2023-03-03/
- https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
- https://www.jamf.com/blog/threat-advisory-mobile-spyware-continues-to-evolve/
- https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
- https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/
- https://www.malwarebytes.com/blog/news/2023/09/pegasus-spyware-and-how-it-exploited-a-webp-vulnerability
- https://therecord.media/apple-warns-armenians-state-sponsored-hacking-attempts-azerbaijan
- https://www.sharefoundation.info/en/spyware-attack-attempts-on-mobile-devices-of-members-of-civil-society-discovered/
- https://therecord.media/mexico-pegasus-spyware-trial-kicks-off
- https://rsf.org/en/first-togo-rsf-identifies-spyware-phones-two-togolese-journalists
- https://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware
- https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/
- https://www.theguardian.com/technology/2024/feb/29/pegasus-surveillance-code-whatsapp-meta-lawsuit-nso-group
- https://therecord.media/poland-pegasus-spyware-government-investigation
- https://www.securityweek.com/spain-reopens-a-probe-into-a-pegasus-spyware-case-after-a-french-request-to-work-together/
- https://www.accessnow.org/publication/civil-society-in-exile-pegasus/
- https://therecord.media/poland-seizure-pegasus-spyware-systems
- https://therecord.media/pegasus-spyware-victims-sannikov-erlikh
- https://therecord.media/maker-of-pegasus-spyware-deposition-whatsapp-lawsuit
- https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home
- https://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/
- https://therecord.media/pegasus-spyware-infections-detailed-whatsapp-lawsuit
- https://iverify.io/blog/iverify-mobile-threat-investigation-uncovers-new-pegasus-samples
- https://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users
- https://www.amnesty.org/en/latest/news/2025/03/serbia-birn-journalists-targeted-with-pegasus-spyware/
MITRE ATT&CK
Malpedia
AlienVault OTX
Other Information
UUID
ff64b1c1-6846-4f3f-9dae-0e23f866299e
Last Card Change
2025-04-21