According to four people familiar with the situation, unknown attackers hacked into Apple iPhones of at least nine State Department employees using sophisticated spyware developed by Israel’s NSO Group.
According to two sources, the hacks, which took place in the past few months, affected US officials who were either based in Uganda or working on issues concerning the East African country.
The intrusions, which were first reported here, are the most widely known hacks of US officials using NSO technology. Previously, NSO reports had featured a list of potential targets, including some US officials, but it was unclear whether intrusions were always attempted or successful.
Reuters was unable to identify who launched the latest cyberattacks.
The NSO Group said in a statement Thursday that it has no indication that its tools were used, but has revoked access for relevant clients and will investigate based on a Reuters request.
“If our investigation shows that these actions really happened with NSO tools, such a client will be deleted irrevocably and legal action will begin,” the NSO spokesman said, adding that NSO will also “cooperate with any relevant government agency and provide the full information we will have.”
NSO has long stated that it only sells its products to government law enforcement and intelligence clients to help them track security threats, and is not directly involved in surveillance operations.
Ugandan Embassy officials in Washington declined to comment. An Apple spokesman declined to comment.
A State Department spokesman declined to comment on the intrusions, instead pointing to a recent decision by the Commerce Department to add the Israeli company to its entity list, making it difficult for the company to do business with American companies.
The NSO Group and another spy firm were “added to the List of Organizations based on the determination that they developed and supplied spyware to foreign governments who used the tool to maliciously attack government officials, journalists, business people, activists, academics and embassy personnel,” the Commerce Department said in a statement last month.
NSO’s software is capable of not only capturing encrypted messages, photos and other sensitive information from infected phones, but also turning them into recording devices for monitoring the environment, according to product guidelines reviewed by Reuters.
Apple’s warning to affected users does not mention the creator of the spyware used in this hack.
Among the victims notified by Apple were American citizens who could be easily identified as US government employees because they linked email addresses ending in state.gov with their Apple IDs, two of the sources said.
Sources said that they and other targets that Apple had notified in several countries were infected due to the same graphics processing vulnerability that Apple did not recognize or patch until September.
At least since February, this software flaw has allowed some NSO clients to take control of iPhones by simply sending invisible but corrupted iMessages to the device, according to researchers investigating the spy campaign.
Victims would not see a prompt, or need to interact with one, for the hack to succeed. Thereafter, versions of the NSO surveillance software, commonly known as Pegasus, can be installed.
Apple’s announcement that it will notify victims came the same day it sued NSO Group last week, accusing it of helping numerous customers infiltrate Apple’s iOS mobile software.
In a public response, NSO said its technology is helping to stop terrorism and that it has established controls to stop spying against innocent targets.
For example, NSO says its intrusion system cannot work on phones with US numbers starting with country code +1.
But in the case of Uganda, the State Department officers who were attacked used iPhones registered with foreign phone numbers, without a US country code, according to two sources.
This year, Uganda was shaken by elections marked by reported violations, protests and government reprisals. US officials have tried to meet with opposition leaders, drawing the ire of the Ugandan government. Reuters has no evidence that the hacks were related to current events in Uganda.
A senior Biden administration official, speaking on the condition that he not be identified, said the threat to US personnel overseas was one of the reasons the administration was taking harsh action against companies like NSO and leading a new global discussion about the limitations of espionage.
The official added that the government has witnessed “systematic abuse” in many countries involving NSO’s Pegasus spyware.
Senator Ron Wyden, a member of the Senate Intelligence Committee, said: “Companies that allow their clients to hack US government officials pose a threat to America’s national security and should be treated as such.”
Some of the NSO Group’s most prominent clients in the past have included Saudi Arabia, the United Arab Emirates and Mexico.
The Israel Defense Ministry must approve export licenses for NSO, which has close ties with Israeli defense and intelligence organizations, to sell its technology internationally.
The Israeli embassy in Washington said in a statement that the attack on US officials would be a serious violation of its rules.
“Cyber products like the one mentioned are under supervision and are licensed to export to governments only for purposes related to countering terrorism and serious crime,” said an embassy official. “The licensing provisions are very clear, and if these statements are true, this is a serious violation of those provisions.”
© Thomson Reuters 2021