At least nine US State Department employees’ Apple iPhones were hacked by an unknown attacker using advanced spyware developed by Israel-based NSO Group, according to four people familiar with the matter.
The hacks, which took place in the past few months, hit US officials who were either based in Uganda or focused on issues related to East African countries, two sources said.
The intrusions, first reported here, represent the widest known hack of US officials through NSO technology. Previously, a list of numbers of potential targets, including some US officials, emerged in reporting on NSO, but it was not clear whether intrusions were always attempted or successful.
Reuters was unable to determine who launched the latest cyberattack.
NSO Group said in a statement Thursday that it had no indication its tools were used, but that it would cancel access for the relevant customers and investigate based on the Reuters inquiry.
“If the investigation reveals that these measures were actually taken with NSO’s tools, such customers will be permanently dismissed and legal action will be taken,” an NSO spokeswoman said.
NSO has long said that it sells its products only to government law enforcement and intelligence clients, helping them monitor security threats, and that it is not directly involved in surveillance operations.
Officials from the Ugandan Embassy in Washington did not comment. An Apple spokeswoman declined to comment.
A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department’s recent decision to place the Israeli company on an entity list, which makes it harder for U.S. companies to do business with it.
NSO Group and another spyware company were added to the Entity List based on the decision that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businessmen, activists, scholars, and embassy workers, the Commerce Department said in a statement last month.
Easy to identify
NSO software is capable not only of capturing encrypted messages, photos and other sensitive information from infected phones, but also of turning them into recording devices to monitor their surroundings, according to product manuals reviewed by Reuters.
Apple’s warning to affected users did not name the creator of the spyware used in this hack.
The victims notified by Apple included U.S. citizens, who were easily identifiable as U.S. government officials because they had associated email addresses ending in state.gov with their Apple IDs, two of the sources said.
They and other targets that Apple has notified in multiple countries were infected through the same graphics processing vulnerabilities that Apple did not learn about and fix until September, the sources said.
Since at least February, this software flaw has allowed some NSO customers to take control of iPhones simply by sending an invisible but tainted iMessage request to the device, according to researchers investigating the spying campaigns.
Victims do not need to see or interact with a prompt for the hack to succeed. A version of NSO’s monitoring software, commonly known as Pegasus, can then be installed.
Apple’s announcement that it would notify victims came on the same day it sued NSO Group last week, accusing it of helping a number of customers break into Apple’s mobile software, iOS.
In a public response, NSO has said that its technology helps stop terrorism and that it has put in place controls to curb espionage against innocent targets.
For example, NSO says its intrusion system does not work on phones with US numbers beginning with the country code +1.
However, in the Uganda case, the targeted State Department employees were using iPhones registered with foreign phone numbers, without the US country code, two sources said.
Uganda held an election this year that was marked by reports of fraud, protests and a government crackdown. US officials have tried to meet with opposition leaders and have angered the Ugandan government. Reuters has no evidence that the hack was related to current events in Uganda.
A Biden administration official, speaking on condition of anonymity, said the threat to Americans abroad was one of the reasons the government is cracking down on companies such as NSO and pursuing new global discussions on espionage limits.
The official added that the government had seen “systemic abuse” in several countries involving NSO’s Pegasus spyware.
“A company that allows customers to hack US government officials is a threat to US national security and should be treated as such,” said Senator Ron Wyden of the Senate Intelligence Committee.
Historically, NSO Group’s best-known past clients have included Saudi Arabia, the United Arab Emirates, and Mexico.
The Israeli Ministry of Defense must approve export licenses for NSO, which has close ties to Israel’s defense and intelligence agencies, to sell its technology internationally.
In a statement, the Israeli Embassy in Washington said targeting American officials would be a serious breach of its rules.
“Cyber products such as those mentioned are supervised and licensed to be exported to the government only for counterterrorism and serious crime-related purposes,” said an embassy spokesman. “The license terms are very clear and if these claims are true, it is a serious breach of these terms.”
© Thomson Reuters 2021
iPhones of at least nine U.S. state officials allegedly hacked by NSO Group spyware