The Israeli-based company, NSO is under scrutiny because of the use of its spyware ‘Pegasus’ in hacking iPhones and Android devices of journalists, rival politicians, activists, and others. A new report by Reuters claims that the NSO spyware tool was used to hack the iPhone’s of at least nine U.S State Department employees by unknown attackers. The attacks were carried out in the last several months to target U.S. officials stationed in Uganda or looking after matters in East African countries.
Earlier this year, Amnesty International published a new database of cyberattack victims who were targets of state-sponsored surveillance by hacking their iPhones and Android smartphones via Pegasus. It was also reported that victims were faced harassment, imprisonment and in extreme cases, were murdered. Subsequently, a media consortium reported that over 50,000 journalists’ devices were hacked by using NSO spyware. Although with mounting pressure the spyware developer to suspend accounts of several clients, the threat Pegasus poses to national security compelled U.S Commerce Department to place the Israeli developer on an entity list.
Apple has also sued the company for helping its clients to breach iOS security and now send “Threat notifications‘ to victims of Pegasus via email or message.
U.S government employees amongst the victims of hacks via NSO spyware
According to sources, Apple sent Threat Notifications to targets of cyberattacks which included government officials who were easily identified by their associated email addresses ending in state.gov with their Apple IDs.
Although attackers can not access victims’ encrypted messages, photos, and other data, the using exploit, Pegasus gives attackers the control of the victims’ iPhones to turn them into surveillance devices to monitor their movement, calls, text messages. In its defense, NSO said that its technology is used to stop terrorism and Pegasus does not work on phones with U.S numbers. But, Reuter reports that the U.S. government officials residing abroad were targeted.
But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, said two of the sources, without the U.S. country code.
A senior Biden administration official, speaking on condition he not be identified, said the threat to U.S. personnel abroad was one of the reasons the administration was cracking down on companies such as NSO and pursuing new global discussion about spying limits. The official added that they have seen “systemic abuse” in multiple countries involving NSO’s Pegasus spyware.