NSO Spyware Used To Hack The State Department

Israeli surveillance software firm NSO Group’s spyware has been used by an unknown assailant to hack the cell phones of at least nine United States State Department employees.

Apple has informed officials at the US State Department that an unknown cyber actor has been hacking their iPhones.

NSO’s Pegasus spyware is capable of remotely logging data from an infected iOS or Android device and can be used to covertly turn on a phone’s microphones or cameras.  

Pegasus is designed to infect phones using a “zero-click” attack, in which spyware can be installed without the target clicking a link or otherwise taking action and  Apple has taken legal issue with  NSO Group for allegedly misusing its services and products to place a hacking tool on some users' iPhones.

Some US officials targeted were either based in Uganda’s capital Kampala, or worked on matters related to the country. Some Ugandan political leaders were also reportedly attacked by the cyber espionage campaign. The victims notified by Apple were identifiable as US government employees through their email addresses associated with their Apple IDs, ending in state.gov.

It is understood that the devices were compromised through the same zero-day graphics processing bug that Apple fixed in September this year.

An NSO spokesperson told Reuters that the company is investigating the matter and has already terminated the relevant customers' access to its tools and systems. The spokesperson added that NSO Group currently has no indication that its tools were used to hack US officials. "If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," the spokesperson said, also adding that the company would "cooperate with any relevant government authority and present the full information we will have."

Researchers at Citizen Lab at the University of Toronto recently discovered the code behind an NSO exploit that was alleged to have been used to infect iPhones earlier this year. The exploit, which was then promptly fixed by Apple, used a vulnerability in the company’s iMessage function on all Apple products.

NSO’s spyware is capable of not only capturing photos, messages, and other sensitive information from compromised devices, but also turning them into recording devices to monitor their surroundings.

Pegasus software has been sold to governments around the world, including Mexico, Saudi Arabia, the United Arab Emirates, India, Bahrain, Azerbaijan, Hungary, Kazakhstan, Morocco and Rwanda. Privacy advocates have long warned that NSO Group does not have enough controls in place to limit how its customers use the powerful cyber surveillance tools it sells. 

Amnesty International researchers revealed how widespread the use of NSO Group's spyware is earlier this year, saying that Pegasus may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals from about 50 countries.

Last month, the US government placed NSO Group on a trade blacklist, stating that the company's software had 'enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists'. In its lawsuit, Apple said that NSO Group and its parent company OSY Technologies should be held accountable for the surveillance and targeting of Apple users, and banned from using any Apple devices, software or services 'to prevent further abuse and harm to its users'.

In its complaint, Apple describes NSO Groups as '....notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.'  NSO Group denies those claims, saying it only works with law enforcement, military, and intelligence agencies from countries with good human-rights records.

Reuters:       Computing:       Guardian:     The Verge:     TimesofIsrael:    CNN      Washington Post

You Might Also Read: 

The Spycraft Revolution:

 

« Panama Boosts Maritime Cyber Security
A Short Guide To Building Cloud-Based SaaS Applications »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.