According to the article, it seems like it was heavily based off of Apple iMessage zero-click exploits built into some platform. And even a bit of social engineering.
Past that, who knows where they get exploits from? I imagine if they're renting servers with Bitcoins to perform computer attacks, these operatives are probably familiar with darknet sites for trading secrets as well.
Past that, who knows where they get exploits from? I imagine if they're renting servers with Bitcoins to perform computer attacks, these operatives are probably familiar with darknet sites for trading secrets as well.