Journalists at Al Jazeera news organization have become the latest victims of an iPhone hacking that sent iMessages packed with malicious codes, Business Insider reported Tuesday.
Details of the hack that targeted 36 staff members, including television anchors and executives, have been released in a report by the University of Toronto's Citizen Lab.
The hacking technique known as "Kismet" employed a "zero-click, zero-day technology," which means Apple was unaware the intrusion tool existed and that the malicious software variant did not require targets to click on anything for it to be activated.
According to a cybersecurity monitoring group, several journalists from the Al Jazeera Media Network have been targeted this year by advanced spyware sold by a company in Israel called NSO Group, in what appears to be a large-scale espionage campaign against one of the leading media organizations in the globe.
Citizen Lab said the "Pegasus" operating system developed by NSO Group was used in the hack and suggested attacks were becoming more sophisticated and less detectable.
Spyware like Pegasus can spot a victim's location, listen to their calls, read messages, steal photos and files from their device.
NSO has dismissed the accusation, saying it was based on speculation and lacks evidence.
NSO said that its software is only intended for use by government customers to monitor terrorists and criminals.
The Citizen Lab disclosure also raises disturbing questions about the apparent weakness of the iPhone, which has sought to foster a name for security and dedication to privacy.
According to researchers, they concluded with "medium confidence" that two hackers who breached the iPhones of Al Jazeera journalists did so on behalf of the UAE and Saudi Arabian governments.
The Saudi consulate in London and the UAE embassy in Washington did not immediately respond to a request for comment.
Meanwhile, an alliance of companies has filed an amicus brief supporting a legal case brought by WhatsApp against NSO Group, claiming the company exploited an undisclosed vulnerability in the messaging platform to hack into at least 1,400 devices.
