Hackers Exploit iOS Zero Days, Take Over Ukraine Government's Social Media, and Target News Outlets

The new iPhone SE is seen on display at the Apple Store Thursday, March 31, 2016, in Palo Alto, Calif.

The new iPhone SE is seen on display at the Apple Store Thursday, March 31, 2016, in Palo Alto, Calif. Eric Risberg/AP

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Spyware Exploits 3 Zero Days in Apple’s iOS

Text messages sent to a human rights activist led to an Apple software update to plug three zero-day vulnerabilities in iOS devices.

Ahmed Mansoor, an activist based in the United Arab Emirates and previous hack victim, forwarded some suspicious text messages he received Aug. 10 to a Citizen Lab researcher, according a Motherboard report.

Citizen Lab and mobile security firm Lookout found sophisticated malware that uses three zero-day flaws to remotely jailbreak an iOS device and install spyware. Citizen Lab says the exploits—called Trident—are used in Pegasus spyware sold by NSO Group, an Israel-based company with ties to U.S. venture capital firm Francisco Partners Management.

The Lookout report called the Pegasus spyware “the most sophisticated attack” the company has encountered on any endpoint device and suspects it’s been around since iOS 7.

The spyware has “significant abuse potential,” according to Citizen Lab, and could be used to target political opponents, journalists and human rights activists. Lookout said it could be used for high-level corporate espionage.

Apple released software update 9.3.5 patch Aug. 25 to address the vulnerabilities.

Hackers Take Over Ukraine Government Social Media

As Ukraine celebrated its independence from the Soviet Union, hackers took over various government social media channels.

Newsweek reports a group called SPRUT claimed responsibility for commandeering the Ukrainian Ministry of Defense’s Twitter and Instragram accounts and the National Guard’s Twitter account.

The accounts posted messages such as “Ukraine no more” and “Country not found” in Russian, then began reposting SPRUT messages, according to the report.

The Ukraine National Guard regained access and deleted the unauthorized the posts, though its statement credits “unknown persons.”

Russian-linked Hackers Target NYT, Other Media Outlets

Suspected Russian intelligence groups attempted to hack The New York Times and other media organizations.

The hackers targeted reporters’ contacts in government, emails and unpublished works with sensitive information. According to the Aug. 23 CNN report, these incidents are under investigation by the FBI and other U.S. intelligence agencies as part of an increased wave of cyberattacks on U.S. organizations to gain insight into the political system.

“Evidence that hackers had targeted The Times came to light two months after private investigators concluded that Russian hackers, apparently connected to two of the country’s intelligence agencies, had broken into the networks of the Democratic National Committee,” said The Times’ report on the incident.

The New York Times said its Moscow bureau was targeted earlier this month, though no evidence shows the hackers succeeded.