Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down.

This was QuaDream:

Key Findings

  • Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.
  • We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims.
  • We performed Internet scanning to identify QuaDream servers, and in some cases were able to identify operator locations for QuaDream systems. We detected systems operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE), and Uzbekistan.

I don’t know if they sold off their products before closing down. One presumes that they did, or will.

Posted on April 25, 2023 at 6:09 AM • 14 Comments

Comments

Bear April 25, 2023 9:23 AM

Just pulling the good ol’ declare bankruptcy and reopen as QuaNap once the attention dies down.

iAPX April 25, 2023 9:39 AM

@Bear

That was exactly my thinking.

Until the upper-level management and the investors are sued and facing prison sentences, real prison sentences, this is just a game where they collect money, bankrupt the company, start another one with an evolution of their malware and continue to collect money.
Money!!!

Brenden Walker April 25, 2023 9:49 AM

Like the perpetual ‘going out of business’ furniture store, it’ll pop up again with a new name and maybe some new management.. tweak the software to evade detection and back in business.

There’s simply too much money in it…

iAPX April 25, 2023 1:23 PM

@Brodie

The advantage of bankruptcy is to send a clear message that there is no money anymore, thus any litigation is obviously a loss for the suing party.
Money!!!

Follow the money. That explains why investors are not named.

Brodie April 25, 2023 1:33 PM

@iAPX

Thank you. I naïvely thought they could still face penalties even if the company no longer existed. They’ve clearly hacked the system then.

iAPX April 25, 2023 6:07 PM

Quadream is owned by a Cyprus company, very probably a fuse. (Cyprus!)
And the Cyprus company owned by another one, also off-shore, and so on.

Quadream is based in Israel because this is a land of technology, from my point-of-view maybe the country with the most technologies created per inhabitant for the last 50 years!

When ownership is all but transparent, you might expect everything, and certainly something ugly.

Erdem Memisyazici April 25, 2023 11:06 PM

This is maybe the millionth post I’ve read with a similar story.

It’s really not news at this point.

Everybody knows there are always a few critical exploits engineered into the products that get traded in a hierarchy of broken software.

For large companies like Apple and Microsoft given the sheer number of copies distributed this should be no trouble to find and fix. But everyone also knows that would be bad for the IT Security business model where the average person has no hope for objective privacy because they lack options.

As long as this isn’t governed openly there will not be any solutions and we will continue to read the same articles.

This idea that the people’s heads would explode if they found out all their data is for sale at the right price really has no weight, everyone knows this.

What we need is for government to catch up openly to the state of affairs in the world of “Big Tech”.

ResearcherZero April 26, 2023 4:22 AM

Many of the exploits are actually quite technically advanced.

https://www.wired.com/story/untold-history-americas-zero-day-market/

Clive Robinson April 26, 2023 4:24 AM

@ Bruce, ALL,

“I don’t know if they sold off their products before closing down. One presumes that they did, or will.”

Depends on who “owned their products”…

Quadream may never have “owned”, only leased or held a licence to sell or manufacture.

Also the use may have been as a “Directors loan” into the company, where the director can take it back at any time or an acceptable replacement…

But depending on where the company actually is, the directors are allowed to sell off any and all assets at any price they can get to try to get the company out of debt.

There is also the case of putting up such assets as surety against a loan.

But my bet is that behind this company you will find a Venture Capitalist who was sinking in money to “pump it up” to then sell it off at an artificially high price.

It is a game we’ve seen more and more of lately. In essence it’s a form of con, or “pump and dump” only technically legal due to the fact what is being sold is the whole company or controlling stake thus the buyer has to do “due diligence” of various forms.

It’s effectively the same con trick those selling a plot of land with a non residential dilapidated building only fit for demolition on it pull. Such a building is a liability and significantly devalues the sale price of the plot of land. However send in a bunch of contractors to slap plaster and paint on it, and shazam it’s no longer a liability but an asset that takes the value of the plot up by way more than the cost of “Slapping lipstick on the pig”.

Thus I suspect Quadream has been “killed” due to “bad publicity” killing its “primed price”. But as the assets of such a company are not tangible physical objects just something you could put on a memory stick in your pocket…

Which brings us around to why Israel as a base. Well there are various reasons some I’ve had personal experience of.

I’ve had three of my designs stolen by supposedly different Israeli companies, who then were selling in competition by pretending to be an “agent”. Thus their “cheap knock offs” caused not just potential and actual harm to those they sold to. But also harm to the company of a life long friend I’d put the designs into.

We’d worked out that the same “Directing mind” was behind it, we even tracked down who was manufacturing for them in China, but we could not get past the “Official Israeli Protection” racket that the “Directing mind” was using as part of a “curtain to hide behind”…

As some may know China now runs its own “Steal IP and sell it” racket and getting past the “Official Chinese Protection” is effectively impossible. Even when you do find out “the who” and they are acting from a non Chinese state, you don’t get much luck. In the most recent case of IP theft of what I’d designed, we reported “the who” as “An economic agent of a hostile foreign power” to the UK authorities but as the then Chancellor George “gidiot / white lines” Osborne was a “China fan buoy” you can guess how far that investigation has gone…

For those in the US looking for a legal safe haven for misbehaving, Delaware is not the only place on the surface of the world you can use the UK via LLC and Israel will do just as well and give “a fine layer of gloss” over the likes of China and similar.

To many of the less than honest “It’s the new long con of the Global Supply Chain”.

vas pup April 26, 2023 6:29 PM

Israel Police use of NSO spyware set to be probed by Knesset subcommittee
https://www.timesofisrael.com/israel-police-use-of-nso-spyware-set-to-be-probed-by-knesset-subcommittee/

“The Knesset’s Constitution, Law and Justice Committee announced on Sunday that it would establish a subcommittee tasked with probing police use of Israeli-made wiretapping software Pegasus to spy on Israeli citizens by hacking their phones.

Persistent accusations have alleged that police have access to a watered-down version of Pegasus, known as Saifan, which reportedly allows police access to Israelis’ phones, including the ability to covertly listen to conversations.

…the police exceeded the bounds of warrants they had received to hack into phones on four occasions, and therefore had the potential to obtain information that was not legally available to them.

Along with a series of recommendations for how to navigate use of such technological methods, the report suggested that the approval of the attorney general be required for any such new technologies, that a team be established to work with the police’s own legal department, and that better oversight of such issues be put in place.”

What about US Congress looking into usage of the US version of Pegasus Phantom on US citizens?

vas pup April 26, 2023 6:38 PM

Israeli spy tech firm said shut after report found it targeted foreign activists
https://www.timesofisrael.com/israeli-spy-tech-firm-said-shut-after-report-found-it-targeted-foreign-activists/

“An Israeli surveillance firm, which was found last week to have sold phone hacking software used by countries to target journalists and opposition figures, is closing down, Hebrew media reported on Sunday.

QuaDream, which has been in dire financial straits in recent months, received a critical blow upon the release of findings last week by cybersecurity watchdog Citizen Lab, the Calcalist newspaper reported, citing sources within the company.

Employees were summoned for a pre-termination hearing on Sunday, the report said. The company is now practically defunct, with =>only two people remaining employed to ensure the safety of the remaining equipment, while the firm sells off its intellectual property.

QuaDream is a smaller competitor of Israel’s NSO Group, which was blacklisted by the US in 2021 for its ties to the illegal surveillance of government officials, journalists, dissidents, and others often paid by authoritarian regimes.

=>Citizen Lab identified clients of QuaDream’s REIGN program in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.

REIGN’s “Premium Collection” capabilities included “real-time call recordings, camera activation — front and back,” and “microphone activation,” according to a company brochure uncovered by Citizen Lab.

The brochure said the cost of being able to launch 50 smartphone break-ins per year was $2.2 million, exclusive of maintenance costs. But two sources familiar with sales of the software said the price for REIGN was typically higher, Citizen Lab found.

“Once QuaDream infections become discoverable through technical methods, a predictable cast of victims emerged: civil society and journalists,” the Citizen Lab report stated, though it did not identify the alleged targets.”

Some additional information from the country of company location.

Anonymous October 4, 2023 4:01 PM

I hit Escape because the Enter key was not a vision of the future. I am therefore, trying to escape into the future but I found out that in the future, I won’t be able to survive unless I sell my dream; however, I cannot sell my dream because I cannot describe it: the only form of slavery is the inability to express yourself.
