
"Researchers at Palo Alto Networks' Unit 42 said the spyware, which they call "Landfall," was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day. Unit 42 said the flaw could be abused by sending a maliciously crafted image to a victim's phone, likely delivered through a messaging app, and that the attacks may not have required any interaction from the victim."
"Itay Cohen, a senior principal researcher at Unit 42, told TechCrunch that the hacking campaign consisted of a "precision attack" on specific individuals and not a mass-distributed malware, which indicates that the attacks were likely driven by espionage. Unit 42 found that the Landfall spyware shares overlapping digital infrastructure used by a known surveillance vendor dubbed Stealth Falcon, which has been previously seen in spyware attacks against Emirati journalists, activists, and dissidents as far back as 2012."
Landfall spyware was first detected in July 2024 and exploited a previously unknown Galaxy software zero-day. The vulnerability could be triggered by a maliciously crafted image, likely delivered via messaging apps, and may have required no interaction from victims. Samsung patched the flaw (CVE-2025-21042) in April 2025. The campaign ran nearly a year and targeted specific individuals rather than being mass-distributed, indicating likely espionage and probable targeting in the Middle East. Landfall shares overlapping infrastructure with a surveillance vendor dubbed Stealth Falcon, but those links are not conclusive for government attribution. Samples were uploaded to VirusTotal from Morocco, Iran, Iraq, and Turkey.
Read at TechCrunch