Israeli spyware firm QuaDream linked to hacks on journalists and politicians
An Israeli-made spyware resembling the controversial Pegasus programme has been used to target journalists and opposition politicians in at least ten countries around the world, researchers have found.
The little-known Israeli vendor named QuaDream, which markets spyware under the name "Reign", was established by a former Israeli military official and veterans of the NSO Group, the creator of Pegasus, cybersecurity researchers from Citizen Lab at the University of Toronto said on Tuesday.
According to the researchers, QuaDream prefers to keep a low profile and has largely avoided the limelight, in contrast with its competitor, Israel's NSO Group.
Unlike the NSO Group, which was blacklisted by the US in 2021 for its ties to illegal surveillance programmes, QuaDream has escaped scrutiny until now.
Reign’s "Premium Collection" capabilities included "real-time call recordings, camera activation - front and back," and "microphone activation," according to a company brochure uncovered by Citizen Lab.
As part of its strategy to avoid the pitfalls that the NSO Group faced, QuaDream operates with a minimal public presence, meaning no website, no media coverage, and no social media presence.
The attacks launched by QuaDream compromised phones running iOS 14, a state-of-the-art iPhone operating system, between 2020 and 2021.
The attacks were connected to calendar invitations and worked without user interaction, which is known as a "zero-click" attack.
"The firm has common roots with NSO Group, as well as other companies in the Israeli commercial spyware industry, and the Israeli government's own intelligence agencies," Citizen Lab said.
Last year Reuters reported that NSO and Reign at one point both exploited the same iOS bug to hack into devices.
Mounting legal woes
Israel has faced repeated criticism and diplomatic pressure over spyware and other cyber weapons being developed in the country.
Last month, the White House said that Pegasus has been used by governments "to facilitate repression and enable human rights abuses".
In December 2022, a prominent Bahraini activist and blogger, the UK-based dissident Yusuf al-Jamri, started legal action against the NSO Group over allegations that his phone was hacked with Pegasus.
Four other UK-based Arab dissidents have also taken legal action this year against the NSO Group, Saudi Arabia and the UAE over allegations that they were targeted with Pegasus.
In 2021, Amnesty International obtained a leaked database of 50,000 phone numbers selected by NSO Group clients. The reporting revealed the widespread and international use of spyware to target politicians, activists and journalists.
The US Supreme Court in January allowed Meta Platforms Inc's WhatsApp to pursue a lawsuit against NSO Group for exploiting a bug in the messaging app that installed spy software, enabling the surveillance of hundreds of people, including journalists, human rights activists, and dissidents.
WhatsApp - owned by Meta (formerly Facebook) - filed its lawsuit against the NSO Group in 2019, accusing the company of allegedly targeting its servers in California with malware to gain unauthorised access to approximately 1,400 mobile devices in violation of US state and federal law.
Last year, the Biden administration placed the NSO Group on an "Entity List" of companies considered to be engaged in activities contrary to US foreign policy and national security. The administration accused it of enabling "transnational repression" with its spyware.
NSO also faces a lawsuit from Apple, which claims the spyware maker violated US laws by breaking into the software installed on its iPhones.