NSO Spyware Used To Hack The State Department

Israeli surveillance software firm NSO Group’s spyware has been used by an unknown assailant to hack the cell phones of at least nine United States State Department employees.

Apple has informed officials at the US State Department that an unknown cyber actor has been hacking their iPhones.

NSO’s Pegasus spyware is capable of remotely logging data from an infected iOS or Android device and can be used to covertly turn on a phone’s microphones or cameras.  

Pegasus is designed to infect phones using a “zero-click” attack, in which spyware can be installed without the target clicking a link or otherwise taking action and  Apple has taken legal issue with  NSO Group for allegedly misusing its services and products to place a hacking tool on some users' iPhones.

Some US officials targeted were either based in Uganda’s capital Kampala, or worked on matters related to the country. Some Ugandan political leaders were also reportedly attacked by the cyber espionage campaign. The victims notified by Apple were identifiable as US government employees through their email addresses associated with their Apple IDs, ending in state.gov.

It is understood that the devices were compromised through the same zero-day graphics processing bug that Apple fixed in September this year.

An NSO spokesperson told Reuters that the company is investigating the matter and has already terminated the relevant customers' access to its tools and systems. The spokesperson added that NSO Group currently has no indication that its tools were used to hack US officials. "If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," the spokesperson said, also adding that the company would "cooperate with any relevant government authority and present the full information we will have."

Researchers at Citizen Lab at the University of Toronto recently discovered the code behind an NSO exploit that was alleged to have been used to infect iPhones earlier this year. The exploit, which was then promptly fixed by Apple, used a vulnerability in the company’s iMessage function on all Apple products.

NSO’s spyware is capable of not only capturing photos, messages, and other sensitive information from compromised devices, but also turning them into recording devices to monitor their surroundings.

Pegasus software has been sold to governments around the world, including Mexico, Saudi Arabia, the United Arab Emirates, India, Bahrain, Azerbaijan, Hungary, Kazakhstan, Morocco and Rwanda. Privacy advocates have long warned that NSO Group does not have enough controls in place to limit how its customers use the powerful cyber surveillance tools it sells. 

Amnesty International researchers revealed how widespread the use of NSO Group's spyware is earlier this year, saying that Pegasus may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals from about 50 countries.

Last month, the US government placed NSO Group on a trade blacklist, stating that the company's software had 'enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists'. In its lawsuit, Apple said that NSO Group and its parent company OSY Technologies should be held accountable for the surveillance and targeting of Apple users, and banned from using any Apple devices, software or services 'to prevent further abuse and harm to its users'.

In its complaint, Apple describes NSO Groups as '....notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.'  NSO Group denies those claims, saying it only works with law enforcement, military, and intelligence agencies from countries with good human-rights records.

Reuters:       Computing:       Guardian:     The Verge:     TimesofIsrael:    CNN      Washington Post

You Might Also Read: 

The Spycraft Revolution:

 

« Panama Boosts Maritime Cyber Security
A Short Guide To Building Cloud-Based SaaS Applications »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

National Crime Agency (NCA)

National Crime Agency (NCA)

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

Howden Broking Group

Howden Broking Group

Howden provides a range of specialist insurance solutions to clients around the world including Cyber Liability insurance.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Jscrambler

Jscrambler

Jscrambler addresses all your JavaScript and Web application protection needs.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

Protergo Cyber Security

Protergo Cyber Security

Protergo Cyber Security is the first integrated provider of cybersecurity solutions in Indonesia. We proactively protect our clients from cyber threats.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.