Bahrain activists spied on via iMessage exploit and Pegasus
Citizen Lab cybersecurity experts: The operation used the KISMET and FORCEDENTRY exploits. The latter is able to circumvent Apple’s BlastDoor.
A new zero-click iMessage exploit was used to deploy the Pegasus trojan on the devices of several Bahraini activists between June 2020 and February 2021. It was discovered by Citizen Lab cybersecurity experts. The hacked activists include three members of Al-Wa’ad, three members of the Bahrain Center for Human Rights, two activists in exile, and one member of Al-Wefaq. At least four of them were hacked by LULU, a threat actor the researchers link to the Bahraini government.

The cyber espionage operation used the KISMET exploit, previously observed in attacks targeting journalists at Al Jazeera, and a new exploit chain dubbed ‘FORCEDENTRY’, which is able to circumvent Apple’s BlastDoor security system. While KISMET is aimed at iOS 13.5.1 devices, FORCEDENTRY targets the newest iOS 14 devices.