Advanced Malware Command and Control

Reuters wrote an interesting group of articles on Karma (a rootkit for iOS) and Project Raven (a group of ex-NSA contractors and employees who worked for the UAE). There are a couple of interesting features in this story, not the least of which is that this is the first time we've seen tradecraft migrate from tier-one cyber groups to other countries in this way. And from the looks of things, none of this was, at least initially, illegal. I expect we'll see some repercussions though, at least in the US, and likely in other countries with advanced cyber capabilities as they try to more strongly manage these capabilities.

There was one detail, though, a small one, that I personally found very interesting and thought I'd point out. In the "Inside the Villa" section, Reuters goes over the process Raven used for targeting and exploitation. Step two of that process was: