NSO Group’s Spyware May Have Been Used to Target U.S. State Department Officials

NSO Group’s Spyware May Have Been Used to Target U.S. State Department Officials

Apple recently revealed a new policy that would notify users if their devices were the targets of a state-sponsored attack conducted using spyware from Israeli surveillance-for-hire firm NSO Group. Now, just weeks later, a new report from Reuters claims at least nine U.S. State Department officials found themselves on the receiving end of an NSO powered hack. The attacks would represent the most significant attacks on U.S. officials using the company’s spyware to date.

Citing unnamed sources, Reuters claims each of the targeted officials was either based in Uganda or was working closely on matters related to that country.

In a statement to Reuters, an NSO spokesperson said the company would take action against the nation-customer responsible if its investigation discovered any misuse of Pegasus; however, an NSO spokesperson now tells Gizmodo the company has preemptively terminated the access of the “relevant customer” citing the “severity of the allegations.”

“To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case,” NSO added.

The spokesperson went on to say that its technologies are blocked from working on U.S. phone numbers. (NSO’s software infects targets via their phone number, often via malicious SMS or email links). However, while the alleged target officials were American, sources told Reuters the State Department officials in Uganda were using iPhones registered with foreign telephone numbers.

Apple did not immediately comment on the report but directed Gizmodo to its lawsuit against NSO and previous statements.

As a fresher, NSO Group has gained international notoriety in recent years after multiple reports have shown NSO Group’s willingness to sell its Pegasus spyware and other tools to authoritarian regimes worldwide. In some cases, NSO Groups’ software has reportedly been used to target journalists, human rights advocates, children, and even some political leaders. Previous reports have also alleged NSO Group’s spyware was involved in the brutal assassination of Saudi Arabia political dissident and commentator Jamal Khashoggi, allegations the company has denied.

NSO Group has around 60 customers spread out across 40 countries and has publicly maintained that it only sells its products to government law enforcement and intelligence agents. Facing mounting pressure, the company temporarily suspended several government clients earlier this year over the potential misuse of its service.

The alleged State Department attacks come less than a month after the US Commerce Department added NSO Group to its U.S. Export Administration Regulation (EAR) “Entity List.” Those sanctions subject NSO to trade restrictions that would require U.S.-based companies to acquire a special licence from the government if they want to provide services or sell products to the sanctioned party.

“Companies that enable their customers to hack U.S. government employees are a threat to America’s national security and should be treated as such by the government,” Oregon Senator Ron Wyden said in a statement to Gizmodo. “I want to be sure the State Department and the rest of the federal government has the tools to detect hacks and respond to them quickly.”

The crescendo of voices demanding a reining in of NSO Group’s reach isn’t limited to the US either. Just this week, a group of 86 human rights groups sent a letter to the European Union calling on officials to sanction NSO and take actions to limit the sale, transfer, and export of the technology. Major tech companies are also taking their own stands against the surveillance company. Back in 2019, Facebook (now Meta) filed a lawsuit against the company claiming its malware had exploited a vulnerability in WhatsApp that infected 1,400 phones with malware. Then, just last month, Apple launched its own legal battle against NSO Group that attempts to ban the company from using Apple software or services.