AI News AI资讯 7d ago Updated 7d ago 更新于 7天前 49

Politician who investigated spyware abuses had his phone hacked with Pegasus spyware 调查间谍软件滥用行为的政治家手机被Pegasus间谍软件入侵

Citizen Lab confirmed that Stelios Kouloglou, a member of the European Parliament’s PEGA committee investigating spyware abuses, was hacked with NSO Group’s Pegasus spyware in 2022 and 2023. The attacks utilized a zero-click exploit targeting a patched vulnerability in Apple’s iOS smart home software, allowing unauthorized access to private data without user interaction. The hacker reused an email address linked to previous campaigns against European journalists, implying a government customer w 加拿大多伦多大学数字权利实验室确认希腊前议员Stelios Kouloglou在任职欧洲议会PEGA委员会期间被Pegasus间谍软件入侵。 攻击利用了苹果iOS系统中已修复但未安装的智能家居软件漏洞,属于无需用户交互的“零点击”攻击。 入侵时间精准对应委员会起草关于多国政府滥用间谍软件调查报告的关键节点,引发对政府监控批评者的担忧。 攻击者使用了与之前针对欧洲记者攻击相同的Pegasus加载邮箱地址,暗示其拥有NSO集团授权并在多国进行监控。 受害者计划起诉NSO集团,事件加剧了关于限制间谍软件使用及保护民主制度免受腐败监控的争议。

75
Hot 热度
65
Quality 质量
70
Impact 影响力

Analysis 深度分析

TL;DR

  • Citizen Lab confirmed that Stelios Kouloglou, a member of the European Parliament’s PEGA committee investigating spyware abuses, was hacked with NSO Group’s Pegasus spyware in 2022 and 2023.
  • The attacks utilized a zero-click exploit targeting a patched vulnerability in Apple’s iOS smart home software, allowing unauthorized access to private data without user interaction.
  • The hacker reused an email address linked to previous campaigns against European journalists, implying a government customer with multi-country authorization from NSO Group.
  • The timing of the hacks coincided with critical committee activities, including draft report preparation and hospital visits, raising concerns about political suppression and privacy violations.
  • Kouloglou intends to sue NSO Group, highlighting ongoing tensions between state-sponsored surveillance tools and democratic oversight mechanisms.

Why It Matters

This incident underscores the severe risks posed by commercial spyware to democratic institutions and the rule of law, particularly when targets are investigators themselves. It highlights the urgent need for stricter regulatory frameworks governing the sale and use of zero-day exploits and surveillance technologies by governments. For cybersecurity professionals, it serves as a stark reminder that even patched vulnerabilities can be weaponized if devices are not updated promptly, emphasizing the critical importance of rapid patch deployment and zero-click exploit mitigation.

Technical Details

  • Exploit Vector: The intrusion was achieved via a "zero-click" bug exploiting a previously discovered flaw in Apple’s smart home software integrated into iPhones, requiring no user interaction to compromise the device.
  • Target System: The attacks targeted Apple’s iPhone operating system, specifically leveraging a vulnerability that had already been patched by Apple but remained uninstalled on Kouloglou’s device.
  • Data Exfiltration: Once compromised, the spyware extracted sensitive data including text messages, correspondence, location history, photos, and potentially ambient audio from the device microphone.
  • Attribution Clues: Citizen Lab identified the attacker through the reuse of a specific Pegasus-loaded email address previously associated with campaigns against journalists across Europe, suggesting a single government customer with broad authorization.
  • Timeline: The initial hack occurred in October 2022, followed by two additional intrusions in March 2023, aligning with key periods of committee deliberations and travel.

Industry Insight

  • Regulatory Pressure: This case will likely intensify calls for the European Commission and other global bodies to impose stricter limits on spyware exports and usage, potentially leading to more rigorous licensing requirements for vendors like NSO Group.
  • Vendor Accountability: The incident reinforces the necessity for surveillance technology companies to implement robust end-user verification processes and ethical guidelines to prevent misuse against journalists, politicians, and civil society members.
  • Security Hygiene: Organizations and individuals handling sensitive political or investigative data must prioritize immediate application of security patches, especially for zero-click vulnerabilities, as delays can lead to catastrophic breaches.

TL;DR

  • 加拿大多伦多大学数字权利实验室确认希腊前议员Stelios Kouloglou在任职欧洲议会PEGA委员会期间被Pegasus间谍软件入侵。
  • 攻击利用了苹果iOS系统中已修复但未安装的智能家居软件漏洞,属于无需用户交互的“零点击”攻击。
  • 入侵时间精准对应委员会起草关于多国政府滥用间谍软件调查报告的关键节点,引发对政府监控批评者的担忧。
  • 攻击者使用了与之前针对欧洲记者攻击相同的Pegasus加载邮箱地址,暗示其拥有NSO集团授权并在多国进行监控。
  • 受害者计划起诉NSO集团,事件加剧了关于限制间谍软件使用及保护民主制度免受腐败监控的争议。

为什么值得看

本文揭示了针对民主监督机制的直接网络攻击案例,展示了高级间谍软件如何被用于干扰政治调查和保护既得利益。对于关注网络安全、隐私保护及政府透明度的从业者而言,这提供了关于“零点击”漏洞利用及其地缘政治影响的最新实证。

技术解析

  • 攻击向量:利用苹果iPhone软件中智能家居组件的一个已知漏洞,该漏洞此前已被修复但受害者设备未安装补丁。
  • 执行方式:“零点击”(Zero-click)漏洞利用,攻击者无需受害者进行任何交互即可植入间谍软件并窃取数据。
  • 数据窃取范围:包括短信、其他通信记录、位置数据、照片以及可能通过麦克风窃听的周围环境音频(如医院内的对话)。
  • 溯源线索:攻击者使用的Pegasus加载邮箱地址与之前针对欧洲记者的攻击活动相同,表明攻击源具有连续性和跨国性。
  • 时间线:首次入侵发生在2022年10月,随后在2023年3月至少两次再次被同一操作者入侵,均处于委员会讨论和报告起草的关键期。

行业启示

  • 供应链与漏洞管理风险:即使厂商发布了安全补丁,终端用户的滞后更新仍使其暴露于高危的“零点击”攻击之下,强调了自动化补丁管理和终端安全监控的重要性。
  • 政治监控的新常态:间谍软件正从针对异见人士扩展到针对民主机构内部成员,旨在破坏调查进程和泄露敏感信息,行业需警惕此类工具对法治和新闻自由的系统性威胁。
  • 监管与法律追责压力:随着NSO集团等厂商试图重塑品牌形象,此类高调攻击将加剧国际社会对其出口管制和法律责任的审查,推动更严格的全球监管框架建立。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Research 科学研究