NSO Spyware ‘Used To Hack US Diplomats’

Apple has alerted 11 US diplomats that their iPhones were hacked by spyware from the NSO Group in recent months.

The alerts, reported by multiple media outlets citing unnamed sources, are the first confirmed cases in which software from Israel’s NSO was used to attack government officials.

NSO, which was placed on a US government blacklist a month ago over concerns about the abuse of its products, has long said its Pegasus spyware was intended only to target criminals, militants and other serious security threats.

The company said in a statement that it has suspended the accounts of unnamed clients involved in the reported attacks on US diplomats.

State-sponsored hacking

In July an investigation by several media outlets alleged that NSO’s software had been abused to hack embassy employees, political activists, human rights workers and others.

Last month Apple began alerting people who had been potentially compromised by a known Pegasus exploit called “FORCEDENTRY” and sued NSO, seeking to prevent it from using Apple products in the future.

The exploit, which has now been fixed, allowed a device to be hacked without any user interaction, after which Pegasus could be installed.

Pegasus places the device under the complete control of the attacker and allows it to be used to record its surroundings, according to NSO.

The company maintains that it has placed limits on Pegasus, such as barring it from working against US telephone numbers with the +1 country code.

Official targets

But the State Department employees targeted were using iPhones using foreign telephone numbers without the +1 country code, Reuters reported.

The attacks reportedly focused on US officials working in Uganda or elseewhere in East Africa.

NSO said it had no indication that its tools were used in the incidents but would cooperate with investigators.

The National Security Council said it was “acutely concerned” that commercial spyware like that from NSO posed a security risk to US personnel, which was why NSO and other companies were placed on the Entity List blacklist.

US Senator Ron Wyden said the federal government should have tools to detect such attacks rather than relying on the “generosity of private companies to know when their phones and devices are hacked”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

1 hour ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

1 hour ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

18 hours ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

22 hours ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

23 hours ago