Four people familiar with the matter claim that at least nine U.S. State Department employees had their Apple iPhones hacked using sophisticated spyware created by Israel’s NSO Group.
Two sources claimed that the hacks occurred over the past several months and targeted U.S. officials based in Uganda.
The intrusions were first reported by Reuters. They are the largest known hacks of U.S. officials using NSO technology. Previous reporting on NSO had produced a list of potential targets that included some American officials. However, it wasn’t clear whether intrusions were ever attempted or successful.
Reuters couldn’t determine the origin of the cyberattack.
NSO Group said in a statement that it does not have any evidence of its tools being used, but that it canceled access for the relevant customers. It also said that it would investigate based on the Reuters inquiry.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have.”
NSO has stated for many years that it sells its products only to government law enforcement and intelligence clients, helping them monitor security threats, and that it is not involved in surveillance operations.
Officials at the Uganda Embassy in Washington did not respond to our request for comment. Apple declined to comment.
A spokesperson for the State Department declined to comment on the intrusions and instead pointed to the Commerce Department’s recent decision to place the Israeli company on an entity list, making it more difficult for U.S. businesses to do business with it.
NSO Group and another spyware company were “added to the Entity List” based on the determination that they had developed and supplied spyware to foreign governments. That spyware was used to maliciously target government officials, journalists, business people, and activists.
Based on Reuters’ reports, NSO software can not only capture encrypted messages and photos from infected smartphones but can also turn the phones into recording devices that monitor their surroundings.
Apple sent out an alert to the hacked phone but did not name the hacker.
The victims notified by Apple included American citizens and were easily identifiable as U.S. government employees because they associated email addresses ending in state.gov with their Apple IDs, two of the people stated.
Sources said that they and other targets in multiple nations were infected through the same graphics processing vulnerability, which Apple didn’t learn of until September.
Researchers who looked into the espionage campaign found that this flaw in the software allowed NSO customers to take control of iPhones simply by sending contaminated iMessage requests to the device.
Hackers would not need to prompt victims to interact. The NSO surveillance software, commonly known as Pegasus, could then be installed.
Apple’s announcement that it would notify victims came on the same day it sued NSO Group last week, accusing it of helping numerous customers break into Apple’s mobile software, iOS.
NSO has responded publicly by claiming that its technology is effective in stopping terrorist acts and that it has implemented controls to stop spying on innocent targets.
NSO, for example, says that its intrusion system can’t work on phones that have U.S. numbers starting with the country code +1.
Two sources said that the State Department employees targeted in Uganda were using iPhones with foreign phone numbers.
This year, Uganda was rocked by an election that saw protests, irregularities and a government crackdown. U.S. officials tried to meet opposition leaders, drawing the ire of the Ugandan government. Reuters does not believe the hacks are related to current events.
On condition that he not be identified, a senior Biden administration official said that the threat to U.S. personnel overseas was one reason the administration was cracking down on companies like NSO and seeking new global discussions about spying limits.
NSO Group has had a long history of serving clients such as Saudi Arabia, Mexico, and the United Arab Emirates.
“Companies that enable their customers to hack U.S. government employees are a threat to America’s national security and should be treated as such,” said Sen. Ron Wyden (D-KS), who serves on the Senate Intelligence Committee.
Historically, some of NSO Group’s best-known clients included Saudi Arabia, the United Arab Emirates, and Mexico.
The Israeli Ministry of Defense must approve export licenses for NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
The Israeli Embassy in Washington stated that it would not tolerate American officials being targeted.
“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” an embassy spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”