Cyber Incident Victim: State of Qatar

Date: Jan 2016

Location: United Arab Emirates

Summary

The United Arab Emirates employed a sophisticated cyber espionage tool named Karma, developed by an external vendor and operated through a unit involving former U.S. intelligence contractors, to compromise iPhones by exploiting an iMessage vulnerability. This tool enabled unauthorized access to the device of Qatar's Emir alongside other regional figures, extracting personal data including messages, photos, location information, and saved passwords without requiring target interaction. The operation, part of a broader cyber campaign targeting activists and rival governments, leveraged automated systems to harvest sensitive information, though its effectiveness diminished following security updates to Apple's software.

Description

The United Arab Emirates deployed a sophisticated cyber espionage tool named Karma between 2016 and 2017 to remotely compromise iPhones belonging to activists, diplomats, and foreign leaders, including Qatar’s Emir Sheikh Tamim bin Hamad al-Thani. Operated by a UAE intelligence unit called Project Raven—staffed by Emirati security officials and former U.S. intelligence contractors—Karma exploited an undisclosed vulnerability in Apple’s iMessage system. The tool required only a target’s phone number or email address to initiate a hack, bypassing the need for victims to click malicious links. Once compromised, Karma harvested photos, emails, text messages, location data, and saved passwords from iPhones. The UAE purchased Karma from an unidentified foreign vendor, and operatives used it to monitor hundreds of individuals across the Middle East and Europe, focusing on regional rivals like Qatar, Turkey, and Oman, as well as critics of the UAE government, such as Yemeni Nobel laureate Tawakkol Karman.

The campaign specifically targeted Qatar’s Emir in 2017, though the exact data extracted from his device remains unclear. Karma’s effectiveness diminished by late 2017 due to Apple’s iOS security updates. Former operatives described the tool as highly automated, enabling bulk targeting with minimal operator input after initial setup. The UAE did not publicly acknowledge Karma or Project Raven, and its Foreign Ministry declined to comment. Apple also declined to address the exploit. Turkish former Deputy Prime Minister Mehmet Şimşek, another confirmed target, condemned the intrusion as “appalling and very disturbing.” Karman expressed shock that U.S. personnel aided the UAE in surveilling activists, contrasting their involvement with expectations of American support for human rights. Reuters found no evidence that compromising materials obtained via Karma were leaked by the UAE. The incident highlighted the proliferation of advanced cyber capabilities beyond major powers, with tools like Karma enabling smaller nations to conduct large-scale digital espionage.
