Predator Spyware used Apple 0day to Hack Egyptian Official

The three zero-day vulnerabilities that Apple fixed on September 21, 2023, were used in an iPhone exploit chain to try to install the Predator spyware strain, which was intended to target Ahmed Eltantawy, a former member of parliament from Egypt, between May and September 2023.

Given that Egypt is a known user of the commercial espionage technology, the Citizen Lab attributed the assault with high confidence to the Egyptian government. “The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections,” the report noted.

A collaborative study by Google’s Threat Analysis Group (TAG) and the Canadian multidisciplinary laboratory claims that links provided over WhatsApp and SMS were used to distribute the mercenary spying tool.

“Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection in August and September of 2023,” the Citizen Lab researchers said. “When Eltantawy visited certain websites that were not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.” 

(Score: 11) - 4/5