AWS shuts down NSO Group infrastructure

The Israeli company’s Pegasus spyware was used to target at least 50,000 mobile phones

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli firm NSO Group.

The news comes after an investigation found that the company’s Pegasus spyware was used to target at least 50,000 journalists, government and union officials, human rights activists, business executives, religious figures, academics, NGO employees, and lawyers.

Pegasus was used to extract messages, photos, and emails, as well as to record calls and activate microphones on iOS and Android devices.

NSO Group denied the accusations, stating that its tools are used “for the sole purpose of saving lives through preventing crime and terror acts”.

“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the company announced.

However, AWS has branded NSO Group’s actions as “hacking activity”.

A spokesperson for the cloud computing provider told IT Pro that it had shut down NSO Group’s infrastructure as it “was confirmed to be supporting the reported hacking activity”.

This was “in accordance with [AWS’] terms of use”, they added.

Amnesty International, a partner of the Pegasus Project, a collective of 17 media organisations investigating the spyware, found evidence to suggest that NSO Group had only been an AWS customer for a few months.

One Pegasus-infected phone that was dissected by the organisation sent data "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months”.

Amazon CloudFront is a content delivery network (CDN) that provides customers with the ability to deliver content, including data, videos, and APIs, securely with low latency and at a high speed.

“Amnesty International suspects the shutting down of the V4 infrastructure coincided with NSO Group’s shift to using cloud services such as Amazon CloudFront to deliver the earlier stages of their attacks,” said the human rights NGO, adding that “the use of cloud services protects NSO Group from some Internet scanning techniques”.

AWS didn’t elaborate on whether the decision to ban NSO Group from its services could be reconsidered in the future.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Amazon relaxes remote working policy under new CEO
flexible working

Amazon relaxes remote working policy under new CEO

12 Oct 2021
Amazon, Microsoft, Google back creation of Trusted Cloud Principles
privacy

Amazon, Microsoft, Google back creation of Trusted Cloud Principles

1 Oct 2021
AWS makes Amazon Managed Service for Prometheus generally available
Amazon Web Services (AWS)

AWS makes Amazon Managed Service for Prometheus generally available

30 Sep 2021
Amazon to offer cyber insurance to UK SMBs
cyber security

Amazon to offer cyber insurance to UK SMBs

28 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021