ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Pegasus

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Pegasus

NamesPegasus
Q Suite
Chrysaor
JigglyPuff
CategoryMalware
TypeReconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description(Citizen Lab) Israel-based “Cyber Warfare” vendor NSO Group produces and sells a mobile phone spyware suite called Pegasus. To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. Once the phone is exploited and Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.
Information<https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/>
<https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf>
<https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html>
<https://media.ccc.de/v/33c3-7901-pegasus_internals>
<https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/>
<https://citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/>
<https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware>
<https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/>
<https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/>
<https://www.trendmicro.com/en_us/research/21/i/analyzing-pegasus-spywares-zero-click-iphone-exploit-forcedentry.html>
<https://www.bbc.co.uk/news/world-middle-east-58814978>
<https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/>
<https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/>
<https://www.frontlinedefenders.org/en/statement-report/statement-targeting-palestinian-hrds-pegasus>
<https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/>
<https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/>
<https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html>
<https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/>
<https://www.amnesty.org/en/latest/news/2022/01/el-salvador-pegasus-spyware-surveillance-journalists/>
<https://therecord.media/finland-says-it-found-nsos-pegasus-spyware-on-diplomats-phones/>
<https://www.securityweek.com/new-report-alleges-widespread-pegasus-spying-israel-police>
<https://www.reuters.com/technology/how-saudi-womans-iphone-revealed-hacking-around-world-2022-02-17/>
<https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/>
<https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/>
<https://therecord.media/spyware-attack-targeted-spanish-prime-ministers-phone/>
<https://www.securityweek.com/dutch-used-pegasus-spyware-most-wanted-criminal-report>
<https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/>
<https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/>
<https://www.reuters.com/world/europe/polish-mayor-targeted-by-pegasus-spyware-media-2023-03-03/>
<https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/>
<https://www.jamf.com/blog/threat-advisory-mobile-spyware-continues-to-evolve/>
<https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/>
<https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/>
<https://www.malwarebytes.com/blog/news/2023/09/pegasus-spyware-and-how-it-exploited-a-webp-vulnerability>
<https://therecord.media/apple-warns-armenians-state-sponsored-hacking-attempts-azerbaijan>
<https://www.sharefoundation.info/en/spyware-attack-attempts-on-mobile-devices-of-members-of-civil-society-discovered/>
<https://therecord.media/mexico-pegasus-spyware-trial-kicks-off>
<https://rsf.org/en/first-togo-rsf-identifies-spyware-phones-two-togolese-journalists>
<https://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware>
<https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/>
<https://www.theguardian.com/technology/2024/feb/29/pegasus-surveillance-code-whatsapp-meta-lawsuit-nso-group>
MITRE ATT&CK<https://attack.mitre.org/software/S0316/>
<https://attack.mitre.org/software/S0289/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/apk.chrysaor>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Pegasus>

Last change to this tool card: 07 March 2024

Download this tool card in JSON format

Previous: PEBBLEDASH
Next: Penquin Turla

All groups using tool Pegasus

ChangedNameCountryObserved

Unknown groups

X_[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]