QuaDream Spyware Targeted iPhones with Malicious Calendar Invites

Summary:

• QuaDream spyware targets iPhones of journalists and politicians via calendar invites.
• Israeli company linked to sales of hacking tools similar to NSO Group’s exploits.
• Hackers use stealthy calendar invites to exploit a previously unknown iOS 14 vulnerability.

Researchers at Microsoft and Canadian digital rights group Citizen Lab have uncovered a series of iPhone hacks targeting journalists, political opposition figures, and an NGO worker through malicious calendar invites, reports TechCrunch.

The attacks utilized spyware created by QuaDream, an Israeli cyber mercenary company known for developing zero-click exploits for iPhones.

QuaDream has remained largely under the radar until recently, when reports linked the company to the sale of its hacking tools to Saudi Arabia and the development of iPhone exploits similar to those provided by the NSO Group.

The Israeli company’s customers operate servers in countries such as Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, UAE, and Uzbekistan, as per Citizen Lab’s internet scans.

Microsoft and Citizen Lab published technical reports on QuaDream’s alleged spyware, revealing that the exploit used to hack the victims’ iPhones was specifically designed for iOS 14, making it an unknown and unpatched zero-day vulnerability.

The hackers delivered the malware through malicious calendar invites with dates in the past, which did not trigger notifications, making them invisible to the target.

Apple’s spokesperson Scott Radcliffe stated to TechCrunch that there is no evidence showing the exploit discovered by Microsoft and Citizen Lab was used after March 2021 when the company released an update. The victims of these cyberattacks have not been named, and they are located in different countries, making it difficult for them to come forward.