NSO spyware used to hack US State Department phones

NSO insists there is no evidence of its tool being used against US government employees

Apple has reportedly informed officials at the US State Department that an unknown cyber actor has hacked their iPhones, using a tool created by Israeli surveillance software firm NSO Group.

Last month, Apple sued the Israeli company for allegedly misusing its services and products to place a hacking tool on some users' iPhones.

Citing sources familiar with the matter, Reuters reported that criminals had targeted at least nine employees working for the US Department of State using NSO Group's spyware over the last several months.

Two sources told the news outlet that the officials targeted were either based in Uganda or worked on matters related to the country. Some Ugandan political leaders were also reportedly attacked by the cyber espionage campaign.

The victims notified by Apple were identifiable as US government employees through their email addresses associated with their Apple IDs, ending in state.gov. The sources said the devices were compromised through the same zero-day graphics processing bug that Apple fixed in September this year.

An NSO spokesperson told Reuters that the company is investigating the matter and has already terminated the relevant customers' access to its tools and systems. The spokesperson added that NSO Group currently has no indication that its tools were used to hack US officials.

"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," the spokesperson said, also adding that the company would "cooperate with any relevant government authority and present the full information we will have."

NSO's spyware is capable of not only capturing photos, messages, and other sensitive information from compromised devices, but also turning them into recording devices to monitor their surroundings.

The company's Pegasus software has been sold to governments including Mexico, Saudi Arabia, the United Arab Emirates, India, Bahrain, Azerbaijan, Hungary, Kazakhstan, Morocco and Rwanda.

Privacy advocates have long warned that NSO Group does not have enough controls in place to limit how its customers use the powerful cyber surveillance tools it sells.

Forbidden Stories and Amnesty International, which earlier this year revealed how widespread the use of NSO Group's spyware was, say that Pegasus may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals from about 50 countries.

Last month, the US government placed NSO Group on a trade blacklist, stating that the company's software had 'enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists'.

In its lawsuit filed last month, Apple said that NSO Group and its parent company OSY Technologies should be held accountable for the surveillance and targeting of Apple users, and banned from using any Apple devices, software or services 'to prevent further abuse and harm to its users'.

'[The] defendants are notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,' Apple wrote in its complaint.

The iPhone maker also revealed details about NSO Group's FORCEDENTRY exploit. Apple says threat actors were able to use the exploit to install NSO's Pegasus spyware on Apple devices, although it has since patched the vulnerability.

NSO denies those claims, saying it only works with law enforcement, military, and intelligence agencies from countries with good human-rights records.