What was QuaDream's main product?

A spyware platform called REIGN, which used zero-click exploits to compromise iPhones and exfiltrate data including calls, files, and location.

How is QuaDream different from NSO Group?

Both are Israeli commercial spyware vendors with overlapping personnel, but QuaDream was much smaller, less publicly known, and reportedly ceased operations in 2023, while NSO Group continued operating.

Why does QuaDream matter for policy debates?

It is a key example used in discussions of export controls, mercenary spyware regulation, and measures like U.S. Executive Order 14093 and the European Parliament's PEGA inquiry.

QuaDream | Model Diplomat

QuaDream was founded in Israel around 2016, reportedly by former employees of NSO Group and ex-Israeli intelligence personnel. The company developed and sold a smartphone exploitation platform marketed under the name REIGN, designed to give government clients remote access to targeted iPhones, including the ability to record calls, capture microphone audio, exfiltrate files, and track location.

In April 2023, two coordinated reports brought QuaDream to wider public attention:

Citizen Lab (University of Toronto) published technical findings identifying a zero-click iOS exploit it called ENDOFDAYS, which it attributed to QuaDream and said had been used against iOS 14 devices. Citizen Lab reported victims including journalists, political opposition figures, and an NGO worker across several countries.
Microsoft Threat Intelligence published a parallel report on the same actor, which it tracked as DEV-0196, describing the KingsPawn malware toolset associated with QuaDream's platform.

Reported or suspected government customers cited in press reporting have included Saudi Arabia, the United Arab Emirates, Singapore, Mexico, Ghana, and Uzbekistan, though QuaDream did not publicly confirm its client list.

Shortly after the April 2023 disclosures, multiple outlets — including Israeli business daily Calcalist and Reuters — reported that QuaDream was winding down operations and dismissing staff, citing both the reputational fallout and Israeli export-license constraints that had tightened in the wake of the NSO Group / Pegasus controversy.

QuaDream is frequently cited alongside NSO Group, Candiru, Cytrox (Predator), and Paragon as part of the commercial spyware industry that has become a focus of policy debates at the UN Human Rights Council, in the U.S. (Executive Order 14093 of March 2023 restricting federal use of commercial spyware), and in the European Parliament's PEGA committee inquiry. For MUN and IR researchers, QuaDream is a useful case study in mercenary spyware, export controls on dual-use surveillance technology, and the limits of self-regulation in the offensive cyber sector.

QuaDream

Frequently asked questions