NSO Spyware Used To Hack The State Department

Israeli surveillance software firm NSO Group’s spyware has been used by an unknown assailant to hack the cell phones of at least nine United States State Department employees.

Apple has informed officials at the US State Department that an unknown cyber actor has been hacking their iPhones.

NSO’s Pegasus spyware is capable of remotely logging data from an infected iOS or Android device and can be used to covertly turn on a phone’s microphones or cameras.  

Pegasus is designed to infect phones using a “zero-click” attack, in which spyware can be installed without the target clicking a link or otherwise taking action. Apple has taken legal action against NSO Group for allegedly misusing its services and products to place a hacking tool on some users' iPhones.

Some US officials targeted were either based in Uganda’s capital Kampala, or worked on matters related to the country. Some Ugandan political leaders were also reportedly attacked by the cyber espionage campaign. The victims notified by Apple were identifiable as US government employees through their email addresses associated with their Apple IDs, ending in state.gov.

It is understood that the devices were compromised through the same zero-day graphics processing bug that Apple fixed in September this year.

An NSO spokesperson told Reuters that the company is investigating the matter and has already terminated the relevant customers' access to its tools and systems. The spokesperson added that NSO Group currently has no indication that its tools were used to hack US officials. "If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," the spokesperson said, also adding that the company would "cooperate with any relevant government authority and present the full information we will have."

Researchers at Citizen Lab at the University of Toronto recently discovered the code behind an NSO exploit that was alleged to have been used to infect iPhones earlier this year. The exploit, which was then promptly fixed by Apple, used a vulnerability in the company’s iMessage function on all Apple products.

NSO’s spyware is capable of not only capturing photos, messages, and other sensitive information from compromised devices, but also turning them into recording devices to monitor their surroundings.

Pegasus software has been sold to governments around the world, including Mexico, Saudi Arabia, the United Arab Emirates, India, Bahrain, Azerbaijan, Hungary, Kazakhstan, Morocco and Rwanda. Privacy advocates have long warned that NSO Group does not have enough controls in place to limit how its customers use the powerful cyber surveillance tools it sells. 

Earlier this year, Amnesty International researchers revealed how widespread the use of NSO Group's spyware is, saying that Pegasus may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals from about 50 countries.

Last month, the US government placed NSO Group on a trade blacklist, stating that the company's software had 'enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists'. In its lawsuit, Apple said that NSO Group and its parent company OSY Technologies should be held accountable for the surveillance and targeting of Apple users, and banned from using any Apple devices, software or services 'to prevent further abuse and harm to its users'.

In its complaint, Apple describes NSO Group as '....notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.' NSO Group denies those claims, saying it only works with law enforcement, military, and intelligence agencies from countries with good human-rights records.

Sources: Reuters, Computing, Guardian, The Verge, Times of Israel, CNN, Washington Post
