NSO Group reportedly hacked multiple US officials

Apple informed the US State Department that it found a number of cases of staff iPhones being hacked with Pegasus spyware

A number of US officials have been reportedly been contacted by Apple informing them that their iPhones have been hacked by NSO Group. 

Early efforts have led investigators to believe that the hack was carried out using the Pegasus tool developed by Israel-based NSO Group. The company was only recently added to the US’ entity list.

The attacks targeted US State Department staff either working in Uganda or focusing their work on matters related to the African country, according to Reuters which first reported the story. 

The attacks are believed to have taken place over the past few months and initial reporting revealed at least nine staff were successfully targeted, with other reports suggesting the number might be slightly higher at 11.

NSO Group published a statement on Friday saying it plans to investigate the situation and terminate the contract it has with whatever country is found to have misused the Pegasus tool.

“Last night, following an inquiry we received alleging Ugandan phone numbers used by US government officials were hacked, we immediately shut down all the customers potentially relevant to this case, due to the severity of the allegations, and even before we began the investigation,” said NSO Group.

“This termination took place despite the fact that there is no indication the phones were targeted by NSO’s technology. The claims of all involved parties specifically mentioned there is no indication, let alone proof, that it was NSO’s tools that were used by these customers.”

IT Pro contacted the US State Department and Apple for comment but neither replied at the time of the publication. Both have declined to comment to other media. 

NSO Group has faced numerous challenges in the previous few months. Most recently, Apple filed a lawsuit against the company for allegedly hacking Apple users and violating US laws.

Since the group was linked to Pegasus, the highly invasive spying tool made by NSO Group and licensed to other countries with approval from the Israeli government, many western countries have turned their backs on the company.

The US government added NSO Group to its entity list which heavily restricts the business opportunities of those on the list with the US.

Related Resource

Network virtualisation for dummies

Why you need to virtualise your network

For Dummies style cover with whitepaper title at the topFree download

It was this development that led newly appointed CEO Isaac Benbenisti to quit the post before he even started at the company.

As well as reportedly being faced with significant financial difficulty, NSO Group has continually battled the allegations fielded to it, that it helps rogue nations attack activists, journalists, and other individuals deemed to be threats. 

Notable victims of the Pegasus spyware include Jamal Khashoggi, a prominent critic of the Saudi Arabian government, whose phone was found to have Pegasus installed on it after he was murdered in Istanbul in 2018.

NSO Group remains firm on its stance that Pegasus is not a tool to be used for malicious purposes and instead Pegasus is bought and used by governments for good, like combatting terrorism.

The company has said it installed security controls in Pegasus which prevent spying on innocent targets. For example, Pegasus cannot be used on US phone numbers, those beginning with a +1 country code.

The US officials found to have Pegasus on their iPhones were using Ugandan-registered phones, reports indicate, which means the country code would have been different and perhaps not included in the security controls for innocents.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Bahrain targets activists with NSO's Pegasus spyware
spyware

Bahrain targets activists with NSO's Pegasus spyware

24 Aug 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022