QuaDream is an Israeli spyware maker which uses zero-click exploits on Apple gear. The company has flown under the radar perhaps because the Tame Apple Press tends to believe that Apple is less hackable than other products. But in 2021, the Israeli newspaper Haaretz discovered that QuaDream sold its wares to Saudi Arabia. The next year, Reuters reported that QuaDream sold an exploit to hack iPhones that were similar to one provided by NSO Group.
QuaDream's customers operated servers from several countries including Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan, according to internet scans done by Citizen Lab. This meant that if journalists or opposition figures used an iPhone they could be immediately arrested.
Fortunately for Apple, Citizen Lab and Microsoft have been looking into the mess. Microsoft said it found the original malware samples, and then shared them with Citizen Lab's researchers, who could identify more than five victims -- an NGO worker, politicians, and journalists -- whose iPhones were hacked.
The exploit used to hack those targets was developed for iOS 14, and at the time, was unpatched and unknown to Apple. The government hackers who were equipped with QuaDream's exploit used malicious calendar invites with dates in the past to deliver the malware, according to Citizen Lab.