A secretive Israeli spyware company has customers in at least 10 countries, and its hacking tools have been used against minority party politicians and journalists, The Washington Post reported on Tuesday, citing research by Microsoft and the nonprofit Citizen Lab.
Microsoft discovered traces of the spyware created by the surveillance vendor QuaDream to use against older versions of Apple’s iOS phone software, while Citizen Lab used the data to track down victims, according to the newspaper.
In separate reports, the teams released the most thorough analysis to date on how the spyware works and which countries operated servers for receiving the information the spyware captured.
Microsoft said it found the software during efforts with partners to collect intelligence on sophisticated adversaries. Citizen Lab, based at the University of Toronto, said it uncovered five victims. The system worked in part by sending malicious calendar invites that would not be seen by the targets.
Some information about QuaDream previously came to light after a marketing brochure was discovered. Media outlets have since identified customers, including Saudi Arabia, Mexico and Singapore, according to The Washington Post.
Citizen Lab said it now has located QuaDream servers in Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE) and Uzbekistan. It noted that some of those countries, including Mexico and UAE, have widespread human rights issues and have been accused of deploying spyware on peaceful domestic opposition in the past.
Citizen Lab declined to name the most recent victims, saying that those people would come forward when they are ready. It is unclear whether the infections led to arrests or other consequences.
Like its better-known rival, NSO Group, maker of the similar Pegasus spyware, QuaDream sells its eavesdropping to government agencies, according to The Washington Post. Unlike NSO, it has almost no visible corporate presence and may avoid the need for export licenses by dealing through a reseller based outside Israel.
QuaDream was established in 2016 by former NSO employees, and its investors and executive ranks have changed in the past few years, the newspaper said.
In 2021, QuaDream and NSO were accused of using the same iPhone software flaws to install spyware that could capture data, record calls and activate the camera surreptitiously, without any user interaction. Apple sent out warnings to affected users, including some of the ones now identified as QuaDream targets, and patched the flaws.
US agencies have experimented with programs like QuaDream’s in the past, specifically NSO’s Pegasus. The Commerce Department has banned business dealings with NSO and another spyware maker, but done nothing about QuaDream.
NSO’s Pegasus has come under fire after many cases have been discovered worldwide of governments using the spyware against dissidents, journalists and political opponents.
Apple has sued the Israeli firm, seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices.
(Israel National News' North American desk is keeping you updated until the start of the Seventh Day of Passover in New York. The time posted automatically on all Israel National News articles, however, is Israeli time.)