HOMAGE exploit discovered targeting iOS users from Catalan

April 25, 2022
HOMAGE Vulnerability Exploit iOS Catalan Pegasus Spyware

Catalan-based journalists, politicians, and activists are the newest targets of a zero-click exploit on iPhone’s iMessage app utilised to install spyware under the NSO Group. As dubbed by experts, HOMAGE is a zero-click vulnerability that impacts iOS version 13.2.

The HOMAGE exploit is abused by threat operators to target people with the Pegasus spyware, alongside the Kismet iMessage exploit and a WhatsApp vulnerability back in 2017 to 2020. The campaign victims include journalists, civil society organisations, legislators, jurists, every Catalan president since 2010, and the Catalan Members of the European Parliament (MEPs).

 

Cybersecurity experts highlighted no records of the HOMAGE exploit for iOS versions above 13.1.3; thus, they believe it is fixed for iOS 13.2.

 

Furthermore, based on the provided forensic evidence to probe the exploit, it was confirmed that no Apple customers using the latest iOS version were attacked by the HOMAGE exploit.

Security experts initially did not attribute the detected malicious campaign to any organisation or government, but they stressed that there were circumstantial pieces of evidence that prove a strong association with one or more Spanish government entities linked to the issue.

Previous reports also revealed that the NSO spyware was also utilised to attack senior European Commission officials in 2021. Several records of suspected Pegasus spyware infection against official UK networks were found, including the European Justice Commissioner.

A UK Prime Minister’s Office was also detected with an infection on their device, linked with the spyware campaigns done by Pegasus threat actors from the UAE. The attacks against the UK’s Foreign and Commonwealth Office are also tagged with Cyprus, Jordan, the UAE, and India.

Additionally, numerous devices of Finnish diplomats were also found infected with the Pegasus spyware after being reported by the country’s Ministry for Foreign Affairs in January this year. The same incident was discovered against the US Department of State employees having the iPhone devices infected with the said spyware.

Scheduled for April 19, the European Parliament will hold its first conference to tackle and investigate the malicious events attributed to the NSO Pegasus and other similar spyware.

The Pegasus spyware was developed by an Israeli surveillance firm NSO Group as a surveillance tool offered and licensed to government institutions worldwide, merely for investigating crime and terror. However, the spyware had been exploited deliberately for malicious activities experienced by many important individuals, such as government officials and employees.

About the author