Dozens of journalists at Al-Jazeera, the Qatari state-owned media company, have been targeted by advanced spyware in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, according to a cybersecurity watchdog.
Citizen Lab at the University of Toronto said it traced malware that infected the personal phones of 36 journalists, producers, anchors and executives at Al-Jazeera back to the Israel-based NSO Group, which has been widely condemned for selling spyware to repressive governments.
“The increased targeting of the media is especially concerning given the fragmented and often ad-hoc security practices and cultures among journalists and media outlets,” said the research group, based at the University of Toronto’s Munk School of Global Affairs and Public Policy, which investigates digital espionage.
Most unnerving to the investigators was that iMessages were infecting targeted cellphones without the users taking any action — what’s known as a zero-click vulnerability.
Through push notifications alone, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even luring users to click on suspicious links or threatening texts.
The coordinated attacks on Qatari-funded Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organization, occurred in July, just weeks before the Trump administration announced the normalization of ties between Israel and the UAE.
The breakthrough deal took public what had been a long-secret alliance. Analysts say normalization likely will lead to stronger cooperation in digital surveillance between Israel and Persian Gulf sheikhdoms.
In the case of Al Jazeera, the Citizen Lab — working with the Qatar-based broadcaster’s IT team — said it found that in July and August, at least four operatives used Pegasus spyware to hack 36 personal phones of journalists and senior executives.
Pegasus spyware, created by the Israeli firm NSO Group, is a mobile phone surveillance system that enables customers to remotely exploit and monitor devices, the Citizen Lab said.
The research group concluded that one of the four Pegasus operators spied on 18 phones and did so on behalf of the Saudi government. Another one of the four can be linked to the U.A.E. government and spied on 15 phones, the report claimed.
Citizen Lab, which has been tracking NSO spyware for four years, tied the attacks “with medium confidence” to the Emirati and Saudi governments, based on their past targeting of dissidents at home and abroad with the same spyware. The two countries are embroiled in a bitter geopolitical dispute with Qatar in which hacking and cyber surveillance have increasingly become favored tools.
Apple said it was aware of the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, “delivered new protections against these kinds of attacks.” It sought to reassure users that NSO doesn’t target the average iPhone owner, but rather sells its software to foreign governments to target a limited group. Apple said it has not been able to independently verify Citizen Lab’s analysis.