The iPhones of nine US State Department officials were infected by powerful and stealthy malware developed by NSO Group, the Israeli exploit seller that has come under increasing scrutiny for selling its wares to journalists, lawyers, activists, and US allies.
The US officials, either stationed in Uganda or focusing on issues related to that country, received warnings like this one from Apple informing them their iPhones were being targeted by hackers. Citing unnamed people with knowledge of the attacks, Reuters said the hackers used software from NSO.
— Norbert Mao (@norbertmao) November 24, 2021
No clicking required
As previously reported, NSO software known as Pegasus uses exploits sent through messaging apps that infect iPhones and Android devices without requiring targets to click links or take any other action. From there, the devices run hard-to-detect malware that can download photos, contacts, text messages, and other data. The malware also allows the operator to listen to audio and view video in real time.
NSO has long come under fire for selling its wares to governments hostile to journalists and dissidents. Facebook sued NSO in 2019 after Pegasus was discovered to have used the company’s WhatsApp to infect the iPhones of 36 journalists. Last month, Apple sued NSO after learning Pegasus infected 37 iPhones belonging to journalists, human rights activists, and business executives. Critics said the targets didn’t meet the criteria NSO says is required for its powerful spyware to be used. Also last month the Biden administration’s Commerce Department blocked the export, re-export and in-country transfer of NSO technology.
An NSO spokesperson said in a statement that after learning of the allegations by Reuters, it immediately terminated the responsible customer’s access to its system while it looks into the matter. NSO officials wrote:
On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have. To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case.
Reuters said that while the iPhones targeted in this case were all registered to overseas numbers, the target’s affiliation with the US government was obvious because they all used Apple IDs that were associated with email addresses ending in state.gov. The news outlet said the actions taken against the State Department officials “represent the widest known hacks of US officials through NSO technology.”