According to The Guardian, many journalists using iPhones with iOS versions lower than 14, have been targeted in a digital espionage campaign. Using a vulnerability present in iMessage (nicknamed Kismet), malicious actors using an NSO Group software were able to hack into the iPhones of 37 journalists leaving their passwords, microphone input, and photos at risk.
The report, which came out of Citizen Lab at the University of Toronto links four operators to the United Arab Emirates (U.A.E.) and Saudi Arabia. Moreover, out of the 37 targeted journalists, most are from the Qatari state-owned news channel Al Jazeera. The motivation for the hack isn't entirely clear at this point, but some journalists believe that their work on certain controversial topics in these countries could be the reason.
The hack was first discovered when a renowned investigative journalist for Al Jazeera's Arabic network, Tamer Almisshal, became concerned that his phone had been compromised. He then turned to Citizen Lab for assistance. After monitoring the journalist's phone, Citizen Lab reported that the attack was based on a zero-click strategy, meaning that one would not have had to click any malicious links to be targeted. "...his phone had connected to an NSO server after it was infected with an apparent malicious code delivered through Apple’s servers. Seconds later, researchers found technical evidence that Almisshal’s phone had been infiltrated," the Guardian wrote.
Due to the zero-click nature of the attack, it was hard to detect and left behind few traces. The Israeli cyber intelligence and security firm, NSO Group, said it wasn’t familiar with Citizen Lab’s claims and affirmed that it does not have access to the targets’ data. Apple later gave out a statement stating that the attack was "highly targeted", and that it could not verify Citizen Lab's report. The Cupertino firm reaffirmed its recommendation of installing the latest version of iOS since the hack does not appear to work on iOS 14.
Source: The Guardian