A new iMessage exploit used to install NSO Group


The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations. Family members were also infected in some cases.
Identified evidence of HOMAGE, a previously undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
Shared a selection of Pegasus cases with Amnesty International’s Tech Lab, which independently validated our forensic methodology.


Catalans Targeted with Pegasus
With the targets’ consent, we obtained forensic artefacts from their devices that we examined for evidence of Pegasus infections. Our forensic analysis enables us to conclude with high confidence that, of the 63 people targeted with Pegasus, at least 51 individuals were infected.
Almost all the incidents occurred between 2017 and 2020, although we found an instance of targeting in 2015. All targets publicly named in this report consented to be identified as such.

In addition to the forensic confirmations, we identified additional cases of Catalans targeted by Pegasus infection attempts, but where we were unable to forensically validate an infection. This was due to multiple reasons, ranging from changed or discarded devices to the limitations of our forensic tooling.
Spain has a high Android prevalence over iOS (~80% Android in 2021). Anecdotally, this is somewhat reflected in the individuals we contacted. Because our forensic tools for detecting Pegasus are much more developed for iOS devices, we believe that this report heavily undercounts the number of individuals likely targeted and infected with Pegasus because they had Android devices.
Target: Members of the European Parliament
Every Catalan Member of the European Parliament (MEP) that supported independence was targeted either directly with Pegasus, or via suspected relational targeting. Three MEPs were directly infected, two more had staff, family members, or close associates targeted with Pegasus.
SMS-Based Targeting

Many victims were targeted using SMS based attacks, and we have collected more than 200 such messages. These attacks involved operators sending text messages containing malicious links designed to trick targets into clicking. In this approach, once a victim clicks on a link, the device is infected via a Pegasus exploit server.
Sophistication and personalization of the messages varied across attempts, but they reflect an often-detailed understanding of the target’s habits, interests, activities, and concerns. In many cases, either the timing or the contents of the text were highly customized to the targets and indicated the likely use of other forms of surveillance.
Many messages masqueraded as Twitter or news updates, typically focused on topics of interest to the target.

News organizations impersonated included international outlets such as The Guardian, Financial Times, and Die Welt, English language media like the Columbia Journalism Review, as well as regional media like La Vanguardia, Europa Press, El Temps, El Confidencial, and so on.


This report details extensive surveillance directed against Catalan civil society and government using mercenary spyware. According to NSO Group, Pegasus is sold exclusively to governments, and finding such an operation inevitably implicates a government. While we do not currently attribute this operation to specific governmental entities, circumstantial evidence suggests a strong nexus with the government of Spain, including the nature of the victims and targets, the timing, and the fact that Spain is reported to be a government client of NSO Group.
Call for an Investigation
The seriousness of the case clearly warrants an official inquiry to determine the responsible party, how the hacking was authorized, what legal framework governed the hacking and what judicial oversight applied, the true scale of the operation, the uses to which the hacked material was put, and how hacked data was handled, including to whom it may have been provided.

Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.

  Posted by: @ESPYER.

5 social monitoring tools great for OSINT

5 Social Media Monitoring Tools

In this article we’ll talk about the following social monitoring tools:
Hootsuite, Brand24, Mention, Sprout Social, Synthesio.
For each of these we’ll know the main benefits of using it, as well as reason to chose another tool, based on your needs! Here goes 🙂

Read More »
OSINT Investigating questions

OSINT for Businesses: A Guide to Conducting Due Diligence and Intelligence Investigations

In this article, we’ll explore how businesses can use OSINT techniques to gather information and conduct due diligence and intelligence investigations.

Open-source intelligence (OSINT) is the process of gathering information from publicly available sources to support decision-making and informed action.

For businesses, OSINT can be a valuable tool for conducting due diligence and intelligence investigations, providing a wealth of information on potential partners, competitors, and threats.
However, with the increasing use of artificial intelligence (AI) in online investigations, it’s important to know how to gather information while avoiding detection.

Read More »


A Revolutionary API to Check If Your Personal Information is Compromised.
Are you tired of constantly worrying about your personal information being compromised? Well, let me introduce you to ProfileNINJA, a one-of-a-kind API service listed on the RapidAPI marketplace.

ProfileNINJA takes the hassle out of checking if your personal information has been leaked by searching through databases linked to popular social media platforms like Twitter, Facebook, VK, Instagram, Telegram, and LinkedIn.

Read More »

People Data Lookup API

People Data Lookup API on RapidAPI is a service that allows users to search and retrieve information about individuals using phone number, email address, password, or full name. The API offers accurate and updated information that can be used for various purposes such as fraud detection, verification, and customer engagement. The service is accessible through RapidAPI, a platform that connects developers with over 16,000 APIs.

Read More »


With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches.
All you have to do without running Shodansploiti is to add shodan api.

Read More »