Apple iPhones of at least nine US State Department employees were hacked by an unidentified attacker using sophisticated spyware developed by Israel-based NSO Group, according to four people familiar with the matter.
Two sources said the hacks, which occurred over the past several months, either struck US officials based in Uganda or focused on matters related to the East African country.
The intrusion, first reported here, represents a widely known hack of US officials via NSO technology. Previously, a list of numbers containing potential targets, including some US officials, had surfaced in reporting on NSO, but it was not clear whether the infiltration was always attempted or successful.
Reuters could not determine who launched the latest cyberattacks.
NSO Group said in a statement on Thursday that it had no indication that its tools were used, but that it had revoked access for the customers concerned and would investigate based on Reuters' inquiries.
An NSO spokesperson said, “If our investigation shows that these actions have indeed occurred with NSO’s equipment, such customer will be permanently terminated and legal action will be taken. We will have the information.”
NSO has long said that it only sells its products to government law enforcement and intelligence customers to help them monitor security threats, and is not directly involved in surveillance operations.
Ugandan embassy officials in Washington did not comment. An Apple spokesperson declined to comment.
A State Department spokesman declined to comment on the incursion, instead pointing to a recent decision by the Commerce Department to put the Israeli company on an entity list, making it harder for US companies to do business with it.
NSO Group and another spyware firm were added to the Entity List “based on a determination that they developed and supplied spyware to foreign governments that used the tool to maliciously target government officials, journalists, business people, activists, academics and embassy staff,” the Commerce Department said in an announcement last month.
NSO software is able to not only capture encrypted messages, photos and other sensitive information from infected phones, but also turn them into recording devices to monitor the surroundings, based on product manuals reviewed by Reuters.
Apple’s alert to affected users did not name the creator of the spyware used in this hack.
The victims notified by Apple included US citizens and were easily identifiable as US government employees because they linked their Apple IDs to an email address ending in state.gov, the two people said.
Sources said they and other targets notified by Apple in several countries were infected through the same graphics processing vulnerability that Apple learned about and did not fix until September.
Since at least February, this software flaw allowed some NSO customers to take control of iPhones by sending invisible yet tainted iMessage requests to the device, researchers investigating a spying campaign said.
Victims would not need to interact with or see a signal for the hack to be successful. Versions of the NSO monitoring software, commonly known as Pegasus, could then be installed.
Apple’s announcement that it would notify victims came on the same day it sued NSO Group last week, accusing it of helping multiple customers break into Apple’s mobile software, iOS.
In a public response, NSO has said that its technology helps prevent terrorism and that it has established controls to prevent espionage against innocent targets.
For example, NSO says its intrusion system may not work on phones with US numbers beginning with country code +1.
But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, two sources said, without US country codes.
An election in Uganda this year has been fraught with alleged irregularities, protests and a government crackdown. US officials, angered by the Ugandan government, have tried to meet opposition leaders. Reuters has no evidence that the hacks were related to current events in Uganda.
A senior Biden administration official, speaking on condition of anonymity, said the threat to US personnel overseas was one reason the administration was cracking down on companies like NSO and sparking new global discussions about the extent of espionage.
The official said the government has seen “systemic abuse” in several countries linked to NSO’s Pegasus spyware.
Ron Wyden, a member of the Senate Intelligence Committee, said: “Companies that enable their customers to hack US government employees are a threat to America’s national security and should be treated as such.”
Historically, some of the best-known past clients of the NSO Group have included Saudi Arabia, the United Arab Emirates, and Mexico.
Israel’s Defense Ministry must approve an export license for NSO, which has close ties with Israel’s defense and intelligence communities, to sell its technology internationally.
The Israeli embassy in Washington said in a statement that targeting US officials would be a serious violation of its rules.
“As noted, cyber products are monitored and licensed to export to governments only for purposes related to terrorism and serious crimes,” an embassy spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a serious violation of these provisions.”
© Thomson Reuters 2021