Google has recently stated that government hackers used three undiscovered flaws in Apple's iPhone operating system to target users with spyware created by a European startup, last year.
Google's Threat Analysis Group (TAG), which investigates nation-backed hacking, has published a report recently analysing several government campaigns using hacking tools developed by several spyware and exploit sellers, including a Spain-based startup called Variston.
Google has reported that in a particular campaign, in which the hackers have been working for the government exploited three iPhone vulnerabilities known as "zero-days," which were not previously known to Apple.
The hacking tools used in the attack were developed by Variston, a startup that specialises in surveillance and hacking technology.
Google has already analysed Variston's malware twice, once in 2022 and again in 2023.
The tech giant said that it identified a previously unknown customer of Variston using zero-day exploits to target iPhones in Indonesia in March 2023.
The attackers employed a technique of sending a malicious link via SMS text message to infect the target's phone with spyware. Afterwards, the victim was redirected to a news article published by the Indonesian newspaper, Pikiran Rakyat.
It is unclear who Variston sold its spyware to. Variston, according to Google, works "with several other organisations to develop and deliver spyware."
As per the IANS report, Google also mentioned in the report that their researchers are tracking approximately 40 companies that sell surveillance software and exploits to government clients across the globe.
The report highlighted a few relatively new companies, including Variston, Cy4Gate, RCS Lab and Negg.
In its report, Google stated that it is committed to preventing hacking activities using these companies' capabilities, which have been linked to targeted monitoring of journalists, dissidents, and politicians.
ALSO READ: How does Apple make its devices safe for families?