Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft.
The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company “hasn’t been fully active for a while” and that it “has been in a difficult situation for several months.”
The company’s board of directors are looking to sell off its intellectual property, the report further added.
News of the purported shutdown comes as the firm’s spyware framework – dubbed REIGN – was outed as having been used against journalists, political opposition figures, and NGO workers across North America, Central Asia, Southeast Asia, Europe, and the Middle East.
Microsoft described REIGN as a “suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.”
The attacks entailed the exploitation of a now-patched flaw in iOS to deploy sophisticated surveillanceware capable of surreptitiously gathering sensitive information, including audio, pictures, passwords, files, and locations.
Apple told The Hacker News last week that there was no indication to suggest that the exploit, codenamed ENDOFDAYS, has been put to use since the company released iOS 14.4.2 in March 2021.
QuaDream, like its Israeli counterparts NSO Group and Candiru, is a private-sector offensive actor (PSOA) that markets end-to-end hacking tools that can be utilized by its customers in running the operations.
Master the Art of Dark Web Intelligence Gathering
Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!
While the company has largely managed to stay under the shadows, Haaretz reported in June 2021 that its spyware technology was sold to Saudi Arabia to carry out zero-click attacks against targets of interest.
Then last year, Reuters revealed that QuaDream had independently developed an exploit to break into iPhones that’s comparable to the one provided by NSO Group by leveraging a flaw in iMessage. Apple addressed the vulnerability in September 2021.