According to four people familiar with the matter, the Apple iPhones of at least nine US State Department employees were hacked by an unknown attacker using sophisticated spyware developed by the NSO Group. Israel-based development.
The attacks, which took place over the past few months, have targeted US officials based in Uganda or focused on matters involving the East African nation, two of the sources said.
The intrusions, first reported here, represent the most widely known hacks of US officials through NSO technology. Previously, a list of potential targets including several US officials appeared when reporting on NSO, but it is not clear whether the intrusions were always attempted or successful.
Reuters could not determine who launched the latest cyberattacks.
NSO Group said in a statement Thursday that it has no indication that its tools have been used but has revoked access to relevant customers and will investigate. on the Reuters investigation.
An NSO spokesperson said: “If our investigation shows that these actions did indeed occur with NSO tools, that customer will be permanently terminated and the actions taken will be subject to permanent termination. legal action will take place,” an NSO spokesperson said, adding that NSO would also “cooperate with any relevant government agencies and present the full range of information we will have. “
NSO has long said it only sells its products to government law enforcement and intelligence clients, helping them monitor for security threats and not directly engage in surveillance activities.
Officials at the Ugandan embassy in Washington were not available for comment. An Apple spokesperson declined to comment.
A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department’s recent decision to include the Israeli company on the entity list, making it difficult for American companies to do business. with them more.
NSO Group and another spyware company were “added to the Entity List based on the determination that they developed and provided spyware to foreign governments that used the tool to target malicious targeting of government officials, journalists, business people, activists, academics and embassy staff,” the Commerce Department said in a statement last month.
Easy to identify
NSO software is not only capable of recording encrypted messages, photos and other sensitive information from infected phones, but also turns them into recording devices to monitor the surrounding environment, based on product manuals reviewed by Reuters.
Apple warning to affected users who did not name the author of the spyware used in this hack.
The victims reported by Apple included US citizens and could easily be identified as US government employees because they linked email addresses ending in state.gov to their Apple IDs, two of which they claimed. know.
Sources say they and other targets announced by Apple in multiple countries were infected through the same graphics processing flaw that Apple did not learn and fix until September.
Since at least February, this software vulnerability has allowed some NSO customers to take control of iPhones simply by sending invisible but contaminated iMessage requests to the device, researchers have been investigating. spy translator said.
Victims will not see or need to interact with the prompt for a successful hack. Versions of the NSO monitoring software, commonly known as Pegasus, can then be installed.
Apple’s announcement that it would notify victims came the same day it sued NSO Group last week, alleging helping multiple customers hack into Apple’s mobile software, iOS.
In a public response, NSO said its technology helps prevent terrorism and that it has installed controls to limit spying on innocent targets.
For example, NSO says its intrusion system can’t work on phones with US phone numbers that start with a +1 country code.
But in the Uganda case, the State Department employees targeted were using iPhones registered with foreign phone numbers, two sources said, without US country codes.
This year, Uganda has been rattled by an election with reported irregularities, protests and a government crackdown. American officials attempted to meet with opposition leaders, angering the Ugandan government. Reuters has no evidence of hacks related to current events in Uganda.
A senior Biden administration official, speaking on condition of anonymity, said the threat to US employees abroad was one of the reasons the administration was sanctioning companies like NSO. and pursue new global discussions about the limits of espionage.
The official added that the government has seen “systematic abuse” in many countries related to NSO’s Pegasus spyware.
Senator Ron Wyden, who sits on the Senate Intelligence Committee, said: “Companies that allow their customers to hack US government employees are a threat to US national security and should be dealt with. behave like that.”
Historically, some of NSO Group’s most famous past clients include Saudi Arabia, the United Arab Emirates, and Mexico.
The Israeli Ministry of Defense must approve an export license for NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
In a statement, the Israeli embassy in Washington said that targeting US officials would seriously violate the country’s rules.
“Cyber products like the one in question are only monitored and licensed for export to governments for purposes related to combating terrorism and serious crime,” an embassy spokesman said. said. “The license terms are very clear and if these statements are true, it is a serious violation of these terms.”
© Thomson Reuters 2021
