Pegasus Spyware Hacked iPhones in Thailand, Say Canadian Researchers

Citizen Lab, a cyber research arm of the University of Toronto, on Sunday published a report detailing how Pegasus spyware was used to hack into iPhones belonging to pro-democracy protestors and activists in Thailand between October 2020 and November 2021.

Pegasus is a mercenary spyware suite developed by Israeli surveillance and cyberintelligence company NSO Group. It is capable of accessing, taking over, and extracting sensitive information from a smartphone without the user ever knowing.

Citizen Lab started looking into the issue after Apple warned some Thai users of their devices being infiltrated by a “state-sponsored attacker” in November 2021. Pegasus is well-known for being able to hack into Apple’s iPhone using a variety of different exploits. Apple also filed a lawsuit against the NSO Group at the same time.

Citizen Lab’s investigation found that Pegasus was used to gain access to iPhones belonging to several members of the pro-democracy movement in Thailand, which is trying to bring reforms to the monarchy. Researchers found evidence of at least 30 individuals being targeted, with the earliest infections dating back to October 2020.

According to Citizen Lab, the perpetrators used the zero-click “KISMET” and “FORCEDENTRY” exploits against Thai iPhones. The latter exploit was delivered to target iPhones via Apple’s iMessage app.

The hack targeted student activists belonging to the FreeYOUTH movement, members of We Volunteer (WEVO) and the United Front of Thammasat and Demonstration (UFTD), human rights lawyer Arnon Nampa, and prominent pro-democracy activist Jatupat Boonpattararaksa, among others.

NSO Group has denied any wrongdoing and maintains that its products are to be used “in a legal manner and according to court orders and the local law of each country.”

Amnesty International’s Security Lab independently analyzed a subset of the victims, confirming the infections.

Pegasus has previously been used to target iPhones belonging to Bahraini activists, The New York Times journalist Ben Hubbard, Spain’s Prime Minister, and more. Citizen Lab continues to be at the forefront of efforts against NSO Group’s Pegasus spyware.

Apple recently announced a new feature called Lockdown Mode coming in iOS 16 to protect iPhone users, if they believe they are being targeted by mercenary spyware.