Technology giant Apple recently advised the US Department of State that its employees’ iPhones had been hacked.
The attacks used an iOS exploit called ForcedEntry to deploy a type of spyware known as Pegasus. This was developed by NSO Group, a surveillance firm based in Israel.
Cooperating with authorities on a cyberattack
The attacks struck 11 or more US officials located in, or dealing with, the African nation of Uganda and occurred over a period of months. NSO Group has subsequently cancelled the customer accounts used for the intrusions and pledged to look into the activity, but it is not yet sure which tools were used in the attacks. To date, the surveillance firm has not identified the owners of the suspended accounts to members of the press.
A spokesperson for NSO Group commented that further to an independent investigation, it would be cooperating with government authorities by presenting a full disclosure of all information on the activity in its possession.
It explained the attack vector used by the cybercriminals involved:
“To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case.”
Targeted attacks on US Government staff
News of the hacked phones enabling the installation of Pegasus spyware comes not long after the US government sanctioned the surveillance firm last month (along with three other enterprises from Israel, Singapore, and Russia) for developing spyware and selling hacker toolkits used by state-sponsored threat actors.
NSO, along with Candiru, has now been added to the Entity List held by the Commerce Department’s dedicated Bureau of Industry and Security (BIS) for supplying software utilised by state hacking groups for espionage activities against members of the press, academics, government officials and activists, among others.
Singapore’s Computer Security Initiative Consultancy PTE. LTD and Russia’s Positive Technologies were also sanctioned for trafficking hacking tools and exploits.
The Department of Commerce’s ruling stated:
“Specifically, investigative information has shown that the Israeli companies NSO and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
At the beginning of November, Apple filed its own lawsuit against the Israeli surveillance group that developed Pegasus, along with its parent company, for spying on users of Apple technology with surveillance software.
For example, cybersecurity researchers at Citizen Lab revealed that NSO’s exploit ForcedEntry, which was recently used in attacks against some of the State Department staff, was used by state-sponsored hackers to compromise Apple’s devices, installing the Pegasus spyware.
Apple emphasised its pledge to always notify users targeted by the ForcedEntry exploit in the future, as well as those being targeted by attacks using state-backed spyware.