- Apple iPhones of at least nine US State Department employees were hacked by an unidentified attacker using sophisticated spyware developed by Israel-based NSO Group, according to four people familiar with the matter.
- The hacks took place over the past several months and hit the phones of US officials working in or with Uganda.
- These are the most widely known hacks of US officials with technology created by NSO Group.
Apple iPhones of at least nine US State Department employees were hacked by an unidentified attacker using sophisticated spyware developed by Israel-based NSO Group, according to four people familiar with the matter.
Two sources said the hacks that occurred over the past several months either struck US officials based in Uganda or focused on matters related to the East African country.
The intrusion, first reported here, represents a widely known hack of US officials via NSO technology. First, a list of potential target numbers, including some US officials Reporting on NSO surfaced, but it was not clear whether the infiltration was always attempted or successful.
Reuters could not determine who launched the latest cyberattacks.
NSO Group said in a statement on Thursday that there was no indication that their equipment was used, but canceled related accounts and would investigate based on inquiries from Reuters.
An NSO spokesperson said, “If our investigation shows that these actions have indeed occurred with NSO’s equipment, such customer will be permanently terminated and legal action will be taken.” We will have the information.”
NSO has long said that it only sells its products to government law enforcement and intelligence customers to help them monitor security threats, and is not directly involved in surveillance operations.
Ugandan embassy officials in Washington did not comment. An Apple spokesperson declined to comment.
A State Department spokesman declined to comment on the incursion, instead pointing to a recent decision by the Commerce Department to put the Israeli company on an entity list, making it harder for US companies to do business with them.
The NSO Group and another spyware firm were added to the entity list “based on a determination that they developed and supplied spyware to foreign governments that could use the device for government officials, journalists, businessmen, activists, academics and embassies.” Used to maliciously target employees.” Commerce department said in an announcement last month.
NSO software is able to not only capture encrypted messages, photos and other sensitive information from infected phones, but also turn them into recording devices to monitor the surroundings, based on product manuals reviewed by Reuters.
Apple’s alert to affected users did not name the manufacturer of the spyware used in the hack.
Victims notified by Apple included US citizens and could easily be identified as US government employees because they linked to email addresses that ended in state.gov With their Apple IDs, the two men said.
Those and other targets notified by Apple in many countries The sources said the same graphics were infected with a processing vulnerability that Apple didn’t fix until September.
Since at least February, this software flaw allowed some NSO customers to take control of iPhones by sending invisible yet tainted iMessage requests to the device, researchers investigating a spying campaign said.
Victims will not need to interact with or see a signal for the hack to be successful. Versions of the NSO monitoring software, commonly known as Pegasus, can then be installed.
In a public response, NSO has said that its technology helps prevent terrorism and that they have established controls to prevent espionage against innocent targets.
For example, NSO says its intrusion system may not work on phones with US numbers beginning with country code +1.
But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, two sources said, without US country codes.
A senior Biden administration official, speaking on condition of anonymity, said the threat to US personnel overseas was one reason the administration was cracking down on companies like NSO and sparking new global discussions about the extent of espionage. Was.
The official said he has seen “systemic abuse” in several countries linked to NSO’s Pegasus spyware.
Historically, some of the best-known past clients of the NSO Group have included Saudi Arabia, the United Arab Emirates, and Mexico.
Israel’s Defense Ministry must approve the export license of NSO, which has close ties with Israel’s defense and intelligence communities, in order to sell its technology internationally.
The Israeli embassy in Washington said in a statement that targeting US officials would be a serious violation of its rules.
“As noted, cyber products are monitored and licensed to export to governments only for purposes related to terrorism and serious crimes,” an embassy spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a serious violation of these provisions.”