Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
1 CVE Mallory has correlated with this family across public research and vendor advisories. Each row links to the full Mallory page for that vulnerability.
NSO Group developed FORCEDENTRY specifically to bypass BlastDoor: CoreGraphics processed the PDF inside BlastDoor, but the JBIG2 decoder was used to construct logical primitives.
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
4 distinct techniques documented for this family, organized by ATT&CK tactic.
"Defendants executed the FORCEDENTRY exploit first by using their computers to contact Apple servers in the United States and abroad to identify other Apple devices. Defendants contacted Apple servers using their Apple IDs to confirm that the target was using an Apple device."
Adversaries may exploit software vulnerabilities to gain initial access to a mobile device. This can be accomplished in a variety of ways. Vulnerabilities may be present in the applications, the services, the underlying operating system, or the kernel itself.
"Unlike exploits that require some action by the victim, such as clicking a hyperlink in a text message, FORCEDENTRY is known as a ‘zero-click’ exploit, meaning that it allowed Defendants or their clients to hack into the victim’s device without any action or awareness by the victim."
"On information and belief, from at least February until September 2021, Defendants deployed their Pegasus spyware through an exploit that Citizen Lab named ‘FORCEDENTRY.’"
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Zero-click exploit for iPhone that uses an integer overflow in CoreGraphics when processing a PDF containing JBIG2 data; it was delivered via iMessage as .gif files that were actually PDFs, and it allowed compromise of fully updated devices without any action by the victim.
Zero-click exploit chain for iMessage that uses PDF/JBIG2 and an integer overflow in CoreGraphics to achieve RCE and bypass the BlastDoor protection mechanism on Apple devices.