U.S. State Department employees’ iPhones were hacked by NSO spyware

Israel’s notorious commercial spyware developer NSO Group was previously included in the sanctions list by the US Department of Commerce, prohibiting US companies or citizens from trading with it.

The Pegasus spy software developed by the NSO Group can infect iOS devices without interaction. Hackers only need to know the mobile phone number of the target device to initiate an attack.

Recently, Apple also announced a lawsuit against the group and applied to the court to prohibit the group from using any Apple software or services, thereby restricting the NSO Group from continuing its attacks.

As for why the US Department of Commerce suddenly included the NSO Group on the sanctions list, it is actually a mystery. After all, the NSO Group has been doing evil for many years before the United States did not act.

A report released by Reuters stated that the Biden administration’s decision to sanction the group may be due to attacks on US officials. The news said that nine U.S. State Department employees’ iPhones were hacked by NSO spyware.

Specifically, these officials belonging to the US State Department are stationed in Uganda, Africa, or involved in East Africa. As for who launched the attack, it is not clear for the time being.

Because the NSO Group sells its spyware to the government and other agencies, there are actually quite a few government agencies that buy Pegasus spyware, but its usage is unclear.

In addition, based on relevant US laws, the Pegasus spyware is forbidden to be used on devices with mobile phone numbers starting with +1.

But these US State Department officials stationed in Uganda may use local numbers, so unknown attackers can use Pegasus spyware to launch attacks.

The U.S. Department of Commerce is unlikely to sanction the NSO Group for no reason. Therefore, the sanctions are likely to be that the U.S. government has previously discovered that some officials have been attacked by a network.

“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have.”

However, all government agencies purchase the Pegasus spyware, so the so-called legal action is actually useless, and what NSO can do is to block its customers.

So NSO actually only cares about development and sales to make money, and it can’t control or monitor how its software is used and what it is used to do.