WASHINGTON / SAN FRANCISCO, December 3 (Reuters) – Apple Inc iPhones of at least nine U.S. State Department employees have been hacked by an unknown attacker using sophisticated spyware developed by the Israeli NSO Group, according to four people familiar with the matter.
The hacks, which have taken place in recent months, have affected US officials based in Uganda or focused on issues relating to the East African country, two of the sources said.
The intrusions, first reported here, represent the most notorious hacks of U.S. officials via NSO technology. Previously, a list of numbers with potential targets, including some U.S. officials, had surfaced in NSO reports, but it was not clear whether the intrusions were still attempted or successful.
Reuters could not determine who launched the latest cyber attacks.
NSO Group said in a statement Thursday that it had no indication its tools were being used, but that it had canceled access for the affected customers and would investigate based on the Reuters investigation.
“If our investigation shows that these actions did indeed take place with NSO’s tools, that client will be terminated permanently and legal action will take place,” said a spokesperson for NSO, who added that NSO “will also cooperate with any relevant government authority and will present all of the information we have.”
NSO has long stated that it only sells its products to government law enforcement and intelligence clients, helping them monitor security threats, and that it is not directly involved in surveillance operations.
Officials at the Ugandan embassy in Washington have made no comment. An Apple spokesperson declined to comment.
A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department’s recent decision to place the Israeli company on an entity list, making it harder for US companies to do business with them.
NSO Group and another spyware company have been “added to the list of entities based on the determination that they have developed and supplied software,” the Commerce Department said in an announcement last month.
NSO software is capable of not only capturing encrypted messages, photos and other sensitive information from infected phones, but also turning them into recording devices to monitor the environment, based on product manuals reviewed by Reuters.
Apple’s alert to affected users did not name the creator of the spyware used in this hack.
The victims reported by Apple included U.S. citizens and were easily identifiable as U.S. government employees because they associated email addresses ending in state.gov with their Apple IDs, two of the people said.
They and other targets notified by Apple in several countries were infected through the same graphics processing vulnerability that Apple only learned about and fixed in September, the sources said.
Since at least February, this software flaw has allowed some NSO customers to take control of iPhones simply by sending invisible but tainted iMessage requests to the device, said researchers who investigated the spy campaign.
Victims would not see or need to interact with a prompt for the hack to be successful. Versions of the NSO monitoring software, commonly referred to as Pegasus, could then be installed.
Apple’s announcement that it would notify victims came the same day it sued NSO Group last week, accusing it of helping many customers break into Apple’s mobile software, iOS.
In a public response, NSO said its technology was helping stop terrorism and that they had installed controls to curb espionage against innocent targets.
For example, NSO claims that its intrusion system cannot work on phones with US numbers beginning with the country code +1.
But in Uganda’s case, targeted State Department employees were using iPhones registered with foreign phone numbers, two of the sources said, without the US country code.
Uganda has been rocked this year by an election with reported irregularities, protests and a government crackdown. US officials attempted to meet with opposition leaders, angering the Ugandan government. Reuters has no evidence that the hacks were linked to current events in Uganda.
A senior Biden administration official, speaking on condition of not being identified, said the threat to US personnel overseas was one of the reasons the administration was cracking down on companies such as NSO and continuing a new global discussion about limits on spying.
The official added that the government had observed “systemic abuse” in several countries involving NSO’s Pegasus spyware.
Senator Ron Wyden, who is on the Senate Intelligence Committee, said: “Companies that allow their customers to hack into US government employees pose a threat to US national security and should be treated as such.”
Historically, some of NSO Group’s best-known former clients have included Saudi Arabia, the United Arab Emirates, and Mexico.
Israel’s Defense Ministry must approve export licenses from NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
In a statement, the Israeli embassy in Washington said targeting US officials would be a serious violation of its rules.
“Computer products like the one mentioned are supervised and allowed to be exported to governments only for purposes related to combating terrorism and serious crime,” said an embassy spokesperson. “The licensing provisions are very clear and if these claims are true, this is a serious violation of those provisions.”
Reporting by Christopher Bing and Joseph Menn; edited by Chris Sanders and Edward Tobin