At least 30 activists from Thailand got attacked by the Pegasus spyware on their iPhones based on a recent cybersecurity incident in the country. The affected individuals were protesters to support the pro-democracy movement in Thailand that demands reform in the country’s monarchy.
The Pegasus spyware was able to infiltrate the protesters’ iPhone devices during street rallies between 2020 to 2021. The individuals were unaware of the spyware on their mobile phones until Apple notified them through a threat advisory.
Pegasus’ attack on the Thai citizens was the first reported in the country. Moreover, the alert was sent to the affected people last November, telling them to reach out to authorities or relevant organisations. The country’s human rights group, Amnesty Thailand, then released a statement that confirmed the incident and condemned the suspects for hacking the iPhones of the protesters to inject spyware.
A spokesperson from Amnesty Thailand said their country had just been added to the list of territories where people who call for change and express opinions about the government are spied on.
Amnesty Thailand also highlighted that they are pushing the local authorities to execute a prompt and thorough investigation of the incident against the affected Thai individuals.
The Pegasus spyware is one of the most sophisticated and powerful surveillance tools sold and utilised by government and law enforcement worldwide. Owned by the notorious NSO Group, they first buy zero-day flaws from hackers before the spyware mounts it without the need for user interaction.
To be able to hack a targeted iPhone device, the threat actor must send a specially crafted iMessage to its victim. Once received, the victim is not required to interact with the message, even if it gets unopened, and the spyware could begin compromising the device. Experts had dubbed this attack vector as the zero-click iMessage exploit.
Previous reports involving the Pegasus spyware had made the headlines, including victimising high-risk groups such as US State Department Officials, human rights activists, journalists, lawyers, and Prime Ministers. These attacks had led the US government to ban the use of the Pegasus spyware in the country.
