A person familiar with the matter said Apple Inc. last week notified 11 U.S. State Department employees in Uganda that their iPhones were hacked, and investigators said that the attack was linked to a tool developed by NSO Group, an Israeli technology company that was blacklisted by the Biden administration.
Some of the targeted State Department employees were foreign service officers who are U.S. citizens, while others appear to be locals working for the embassy, the person familiar with the matter said. The person said that the phones were linked to State Department email addresses.
The alerts appear to be the first confirmed cases of NSO Group's mobile hacking tool, known as Pegasus, used to target American officials.
A series of articles published last month by the Biden administration alleged that Pegasus, one of the main software intrusion tools of the NSO Group, was used by dozens of law enforcement and intelligence customers around the world to target and break into phones belonging to politicians, human-rights activists and journalists.
In a statement, NSO Group said that after the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate customers access to the system because of the severity of the allegations. We haven't received any information nor phone numbers, nor any indication that NSO's tools were used in this case. NSO Group said it would cooperate with any relevant government authorities that would investigate the matter, even though it didn't identify the customer or customers whose access to its tools was terminated. Apple has a policy of notifying users it suspects has been targeted by state-sponsored attackers. Those notifications don't include who was behind the effort. At least nine State Department employees had been hacked by an unknown NSO Group customer, according to a report by the New York Times.
The State Department does not reveal the specific allegations, but it closely monitors the cybersecurity conditions of its workers.
Apple last week sued NSO Group, alleging that the company had engaged in concerted efforts in 2021 to target Apple customers, Apple products and servers, and Apple through dangerous malware and spyware. The suit seeks to bar NSO Group from using Apple products. In a similar lawsuit, the WhatsApp messaging service brought in 2019 alleging that NSO Group had sent malware to 1,400 of its users. Previously known as Facebook Inc., WhatsApp is owned by Meta Platforms Inc.
NSO Group has said its technology has been used to save lives by helping law enforcement and intelligence agencies in countries that respect privacy and the rule of law to pursue terrorists and other criminals. The company has terminated contracts with governments that have abused its software and taken measures to prevent abuse.
But that has not appeased the critics of the company who have accused NSO Group of being one of the most prominent vendors in an expanding commercial marketplace for hacking tools. Some governments have developed their own hacking tools at the National Security Agency, but others have been looking for digital surveillance tools from companies that specialize in building and selling them.
According to the State Department notifications, companies that allow their customers to hack U.S. government employees are a threat to America s national security and should be treated as such by the government, Sen. Ron Wyden, a Democrat on the Senate Intelligence Committee.
The use of its tools is restricted by NSO Group, including that they are not allowed to work on U.S. phone numbers. In its statement on Friday, the firm acknowledged that once the software is sold to the licensed customer, NSO has no way to know who the customers are, and that we were not aware of this case. Pegasus spyware allows for pervasive surveillance once a phone is compromised, essentially creating a silent spying device that can access a phone's files and messages as well as its microphone and camera.