Skip to main content

NSO Group: Israeli company spyware 'hacked US State Department phones'

Reuters reports the hacks focused on US officials either based in Uganda or working on matters related to the East African country
State Department officials with foreign registered phones were targeted with spyware produced by Israeli cyber company (AFP)

The iPhones of at least nine US State Department employees were hacked by an unknown assailant using spyware developed by the Israel-based NSO Group, Reuters reported Friday.

The hacks, which took place in the last several months, focused on US officials either based in Uganda or working on matters related to the East African country.

Reuters said it could not determine who launched the latest cyberattacks.

The NSO Group said in a statement on Thursday that it did not have any indication their tools were used but cancelled the relevant accounts and said they would investigate based on the Reuters inquiry.

"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," said an NSO spokesperson, who added that NSO will also "cooperate with any relevant government authority and present the full information we will have”.

Stay informed with MEE's newsletters

Sign up to get the latest alerts, insights and analysis, starting with Turkey Unpacked

Apple files lawsuit against Israel's NSO Group over Pegasus spyware
Read More »

The US government put the NSO Group on a blacklist last month after revelations that its software had been used by a host of countries to spy on journalists, government officials and activists.

NSO software operates by capturing encrypted messages, photos and other sensitive information from infected phones, turning them into recording devices to monitor surroundings.

Apple's alert to affected users did not name the creator of the spyware used in this hack.

The victims notified by Apple included American citizens and were easily identifiable as US government employees because they associated email addresses ending in with their Apple IDs, sources told Reuters.

They and other targets notified by Apple in multiple countries were infected through the same graphics processing vulnerability that Apple did not fix until September, the sources said.

'Severe violations'

Since at least February, this software flaw allowed some NSO customers to take control of iPhones simply by sending invisible yet tainted iMessage requests to the device, researchers who investigated the espionage campaign said.

The victims would not see or need to interact with a prompt for the hack to be successful. Versions of NSO surveillance software, commonly known as Pegasus, could then be installed.

In a public response, NSO has said its technology helps stop terrorism and that they've installed controls to curb spying against innocent targets.

The company says its intrusion system cannot work on phones with US numbers beginning with the country code +1.

But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, said two of the sources, without the US country code.

A senior Biden administration official, speaking on the condition that he not be identified, said the threat to US personnel abroad was one of the reasons the administration was cracking down on companies such as NSO and pursuing a new global discussion about spying limits.

Israel to lobby against US sanctions on NSO citing national security: Report
Read More »

The official added that they have seen "systemic abuse" in multiple countries involving NSO's Pegasus spyware.

Historically, some of the NSO Group's best-known past clients included Saudi Arabia, the United Arab Emirates and Mexico.

The Israeli Ministry of Defence must approve export licences for NSO, which has close ties to Israel's defence and intelligence communities, to sell its technology internationally.

In a statement, the Israeli embassy in Washington said that targeting American officials would be a serious breach of its rules.

"Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes," an embassy spokesperson said. "The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions."

Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.