Date: 2024-03-03

A US judge has ordered the hacker group known as NSO Group to hand over the source code of Pegasus and other products to Meta, as part of the social media giant's ongoing legal fight against the Israeli spyware vendor.

The fate of the NSO Group and the source code stolen from Meta

The decision represents a significant legal victory for Meta, which brought the lawsuit in October 2019, accusing NSO Group of using its infrastructure to distribute the spyware to approximately 1,400 mobile devices between April and May; among the targets were also two dozen Indian activists and journalists.

These attacks exploited a zero-day vulnerability in the instant messaging app (CVE-2019-3568, CVSS score: 9.8), a serious buffer overflow flaw in the voice calling functionality, to deliver Pegasus with the simple action of making a call, even in scenarios where calls were left unanswered.

Additionally, the attack chain included steps to erase incoming call information from the logs in an attempt to evade detection.

Court documents released last month show that NSO Group was asked to “provide information on the full functionality of the spyware in question”, specifically for a period of one year before the alleged attack until one year after the alleged attack (i.e., from April 29, 2018 to May 10, 2020).

That said, the company is not required to “provide specific information about the server structure at this time” because WhatsApp “would be able to obtain the same information from the full functionality of the alleged spyware”; perhaps more significantly, it was spared from sharing the identities of its clients.

“While the court's decision is a positive development, it's disappointing [to learn] that the NSO Group will be allowed to continue to keep secret the identity of its customers responsible for this illegal targeting”, said Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International.

NSO Group was sanctioned by the United States in 2021 for developing and supplying cyber weapons to foreign governments that “used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers”.

However, Meta is facing growing attention from privacy and consumer groups in the European Union because of its “pay or opt-in” subscription model, which they define as a choice between paying a “privacy fee” and consenting to tracking by the company.

“This imposes a business model in which privacy becomes a luxury rather than a fundamental right, directly strengthening the existing discriminatory exclusion from access to the digital world and control of personal data”, they said, adding that this practice would undermine GDPR regulations.

This situation comes as Recorded Future has revealed a new multi-tiered delivery infrastructure associated with Predator, a mercenary mobile spyware operated by the Intellexa Alliance.

The infrastructure network is most likely associated with Predator customers, including countries such as Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, Philippines, Saudi Arabia, and Trinidad and Tobago; it is important to note that no Predator customers have been identified in Botswana and the Philippines at this time.

“While Predator operators respond to public reports by changing some aspects of their infrastructure, they appear to persist with minimal changes to their ways of operating; these include consistent spoofing themes and focus on types of organizations, such as news agencies, while maintaining established infrastructure configurations”, the company said.

Sekoia, in its report on the Predator spyware ecosystem, said it found three domains related to customers in Botswana, Mongolia and Sudan, saying it detected a “significant increase in the number of generic malicious domains that provide no indication of entities and possible customers [that could be] targets”.