According to the British news agency Reuters, the iPhones of at least nine employees of the US State Department have been hacked by an unknown assailant using the latest spyware developed by the Israeli NSO group.
The news agency quoted two of the four people familiar with the matter as saying that the hacks in the past several months had either targeted US officials based in Uganda or focused on issues related to the East African country.
The interventions reported earlier are part of a wider hack of US officials using NSO technology.
Earlier, there were reports of NSOs listing possible target numbers, including some US officials, but it was not clear if the intervention was just an attempt or a success.
Reuters could not determine who carried out the latest cyber-attacks.
The NSO group said in a statement on Thursday that it had no indication that its tools had been used but that it had canceled the relevant accounts and would conduct an investigation based on a Reuters inquiry.
An NSO spokesman said: “If our investigation reveals that these actions were actually carried out through NSO tools, such customers will be permanently removed and legal action will be taken.”
A spokesman for the NSO added that the agency would also “co-operate with any relevant government authority and provide complete information which we will have.”
The NSO has long said it sells its products only to government, law enforcement, and intelligence clients who help them monitor security threats and are not directly involved in surveillance.
Officials at the Ugandan embassy in Washington have not commented. An Apple spokesman declined to comment.
A State Department spokesman declined to comment on the intervention, citing the Commerce Department’s recent decision to add an Israeli company to its “anti-list” that has made it difficult for US companies to do business with them.
Last month, the Commerce Department announced that the NSO Group and another spyware firm had been added to the “anti-list” because of their commitment to developing and supplying spyware to foreign governments, who used the tool to maliciously target government officials, journalists, businessmen, workers, academics, and embassy workers.
Easily identifiable
Based on the product manuals reviewed by Reuters, it can be said that NSO software is not only capable of receiving encrypted messages, photos, and other sensitive information from infected phones but also has the ability to change them into recording devices for monitoring the environment.
The alert did not name the creator of the spyware used in the hack.
The two men said the victims reported by Apple included U.S. citizens and could easily have been identified as U.S. government employees because their Apple IDs were associated with expired e-mail addresses on state.gov.
Sources said that they and other targets reported by Apple in several countries were affected by the same graphics processing vulnerability that Apple did not fix until September.
Researchers investigating the spy campaign say that since at least February, a flaw in the software has allowed some NSO users to gain control of iPhones by simply sending hidden and obscure iMessage requests to the device.
Victims did not need to see or interact with any prompts for the hack to be successful. Versions of the NSO surveillance software, commonly known as Pegasus, may then be installed.
Apple’s announcement that it would notify victims came on the same day it filed a lawsuit against the NSO group last week. Apple has accused NSO of helping several users to break into Apple’s mobile software iOS.
In a public response, the NSO said its technology helps prevent terrorism and that it has installed controls to prevent espionage against innocent targets.
The NSO, for example, says its intrusion system cannot operate on phones with US numbers beginning with the country code +1.
According to two Reuters sources, in the case of Uganda, State Department employees were using registered iPhones with foreign telephone numbers whose country codes were non-US.
A senior Biden administration official, speaking on condition of anonymity, said one of the reasons for the threat to US personnel abroad was that the administration was cracking down on companies such as the NSO and is advancing a new global debate about the scope of espionage.
The official added that he had seen “systematic abuse” in several countries involving the NSO’s Pegasus spyware.
Historically, some of the NSO Group’s most famous past clients included Saudi Arabia, the United Arab Emirates, and Mexico.
The Israeli Ministry of Defense must approve an export license for the NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
The Israeli embassy in Washington said in a statement that targeting US officials would be a serious violation of its rules.
A spokesman for the embassy said: “The cyber products mentioned are only exported to governments for counter-terrorism and serious crime purposes and are therefore licensed and monitored.”
The spokesman added that “the license provisions are very clear and if these claims are true then it is a serious violation of these provisions.”
The well-known American newspaper The Washington Post also conducted its own research after the Reuters report and confirmed the news.
The Washington Post reports that the news was first reported by Reuters, after which the Washington Post confirmed that the incident came a month after the NSO group was blacklisted by US authorities.
According to the Washington Post, the latest allegations come after the publication of The Pegasus Project in July, an investigation into the activities of the NSO group by the Washington Post and 16 other news organizations.