Date: 2024-02-06



According to Google, government hackers last year exploited three unknown vulnerabilities in Apple's iPhone operating system to target victims with spyware developed by a European startup.

On Tuesday, the Google Threat Analysis Group, the company's team that investigates state-sponsored hacks, published a report analyzing several government campaigns that used hacking tools developed by multiple spyware and exploit sellers, including Barcelona-based startup Variston.

According to Google, in one of the campaigns, government hackers exploited three “zero days” on the iPhone. These vulnerabilities were unknown to Apple at the time they were exploited. In this case, the hacking tool was developed by Variston, a surveillance and hacking technology startup. The company's malware has already been analyzed twice by Google in 2022 and 2023.

Google announced in March 2023 that it discovered that an unknown Variston customer was using these zero-days to target iPhones in Indonesia. The hackers delivered an SMS text message containing a malicious link that infected the target's mobile phone with spyware and then redirected the victim to a news article in the Indonesian newspaper Pikiran Rakyat. Google has not disclosed who Variston's government customer is in this case.

An Apple spokesperson did not comment when asked by TechCrunch if the company was aware of the hacking activity discovered by Google.

While Variston continues to attract attention from Google, the company has lost several employees over the past year, according to former staffers who spoke to TechCrunch on condition of anonymity due to non-disclosure agreements.

It is still unclear to whom Variston sold the spyware. According to Google, Variston works with several other organizations to develop and distribute spyware.

Google said one of those organizations is Protect AE, which is based in the United Arab Emirates. Local business records identify the company as Protect Electronic Systems, which was founded in 2016 and is headquartered in Abu Dhabi. On its official website, Protect touts itself as a leading cybersecurity and forensics company.

According to Google, Protect “combines the spyware it develops with Heliconia's framework and infrastructure into a complete package and sells it directly to local intermediaries or government customers.” This refers to Variston's software Heliconia, which Google previously detailed in 2022.

Variston was founded in Barcelona in 2018 by Ralph Wegener and Ramanan Jayaraman, and shortly after acquired Italian zero-day research firm True IT, according to Spanish and Italian business records seen by TechCrunch.

Mr. Wegener and Mr. Jayaraman did not respond to email requests for comment. Protect representatives also did not respond.

While Israeli companies such as NSO Group, Candiru, and QuaDream have received much attention in recent years, Google's report shows that European spyware makers are expanding their reach and capabilities.

Google said in the report that its researchers are tracking about 40 spyware makers that sell exploits and surveillance software to government customers around the world. In the report, Google cites Variston as an example of a relatively new company entering the market, as well as Italian companies Cy4Gate, RCS Lab, and Negg. RCS Lab, which was founded in 1993 and was a partner of the now-defunct spyware maker Hacking Team, did not develop any spyware in-house until recently, instead focusing on developing and selling products for traditional phone eavesdropping at the telecom provider level.

In its report, Google said it would do its best to stop hacking campaigns conducted using the tools of these companies, as they are associated with targeted surveillance of journalists, dissidents, and politicians.

Commercial surveillance vendors (CSV) are enabling the spread of dangerous hacking tools, Google said in a report. The harm is not hypothetical. Spyware vendors note that their tools are used legally by law enforcement and counterterrorism. However, it is well documented that spyware has been deployed against journalists, human rights activists, dissidents, and opposition politicians, whom Google calls high-risk users.

Although spyware targets a smaller number of users than other types of cyber threat activity, the subsequent impact is far more far-reaching, the company wrote. This type of focused targeting threatens free speech, press freedom, and election integrity around the world.

