Google Claims Government-Backed Hackers Targeted Apple iPhone

Google’s Threat Analysis Group claims to have uncovered a series of government-backed hacking operations that exploited previously unknown vulnerabilities in Apple’s iPhone OS, using spyware allegedly developed by Barcelona-based startup Variston.

TechCrunch reports that in a recent article published by Google’s Threat Analysis Group — a team dedicated to investigating nation-backed cyber threats — a European startup named Variston has been identified at the core of a sophisticated espionage campaign targeting Apple iPhone users. The campaign reportedly leveraged three “zero-day” vulnerabilities — security flaws unknown to Apple at the time of exploitation—to install spyware on victims’ devices. This operation, detected in March 2023, specifically targeted individuals in Indonesia through a malicious SMS link.

Variston, which has previously come under Google’s scrutiny in 2022 and 2023, allegedly developed the hacking tools utilized in these campaigns. Despite losing multiple employees over the past year, as reported by former staff under conditions of anonymity to TechCrunch, Variston’s activities and client list, particularly its government customers, have remained shrouded in secrecy.

The company’s association with Protected AE, a UAE-based cybersecurity firm, highlights the collaborative and international nature of the spyware market. Protected AE integrates Variston’s Heliconia software into comprehensive spyware solutions, marketed directly to government entities.

Variston, founded in 2018 in Barcelona by Ralf Wegener and Ramanan Jayaraman, and the acquisition of Italian zero-day research company Truel IT, illustrates the rapid development and increasing influence of European firms in the global spyware market. Despite the focus on Israeli companies like NSO Group in recent years, Google’s report highlights the significant role of European entities like Variston, Cy4Gate, RCS Lab, and Negg in supplying surveillance tools to government customers worldwide.

In its report, Google wrote: “Commercial surveillance vendors (CSVs) are enabling the proliferation of dangerous hacking tools. The harm is not hypothetical. Spyware vendors point to their tools’ legitimate use in law enforcement and counterterrorism. However, spyware deployed against journalists, human rights defenders, dissidents, and opposition party politicians — what Google refers to as ‘high risk users’ — has been well documented.”

Google added: “While the number of users targeted by spyware is small compared to other types of cyber threat activity, the follow-on effects are much broader. This type of focused targeting threatens freedom of speech, a free press, and the integrity of elections worldwide.”

Is this real? I know they never gave up spying on us but can you take this camera out like this or has it been augmented for clout? pic.twitter.com/RuFgdDk9CW

— Sassy red socks (@Twitawoo8) February 5, 2024