US State Department phones hacked with NSO Group spyware

The State Department is trying to determine who had access to the pirated documents on these phones and how the hack happened, the U.S. official said. It is possible that this situation is the result of American employees getting new iPhones and Pegasus spyware remaining on devices even after they have been erased, the official added.

The State Department’s investigation is a sign that the flourishing market for hacking tools sold by private companies is increasingly a threat not only to human rights, but also to the national security of States- United.

Last month, the Commerce Department blacklisted NSO Group and another Israeli spyware firm, Candiru, accusing the companies of providing spyware to foreign governments that “used these tools to maliciously target” journalists, embassy workers and activists.

NSO Group’s leading spyware, known as Pegasus, is capable of remotely infecting cell phones and listening to calls or texts, security researchers say.

The State Department is in contact with Apple Inc regarding the situation, the official said.

Reuters first reported on the survey.

The State Department has not confirmed that the phones were hacked.

“While we are unable to confirm, generally speaking, the department takes seriously its responsibility to protect its information and continually takes steps to ensure that information is protected,” a spokesperson for the department said. ‘State. “Like any large organization in the world, we closely monitor cybersecurity conditions and continually update our security posture to adapt to changing adversaries’ tactics. “

The Biden administration is “extremely concerned that commercial spyware like NSO Group software poses a serious counterintelligence and security risk to US personnel,” a National Security Council spokesperson said , highlighting recent additions to the Treasury Department’s Entity List. There is also a government-wide effort to tackle commercial hacking tools, the spokesperson said.

A spokesperson for NSO Group said that after the company informed of the incident, it “decided to immediately terminate the access of affected customers to the system, due to the seriousness of the allegations.”

“At this stage, we have not received any information or phone numbers, or any indication that NSO tools were used in this case,” the statement from the NSO group continued. “In addition to the independent investigation, NSO will cooperate with any relevant government authority and present any information available to us.”

It is not known who used the spyware to target the phones of State Department employees.

An Apple spokesperson declined to comment.

Apple and other U.S. tech companies have stepped up pressure on NSO Group over allegations of human rights and privacy violations – allegations the company denies.

Apple sued NSO Group last month for allegedly breaking federal anti-piracy law by selling Pegasus to customers, who allegedly used the software to spy on Apple customers. In a statement at the time, NSO Group did not address the lawsuit directly but said the company was providing “legal tools” to fight terrorists and criminals.

John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab who investigated NSO spyware, said the latest revelation about the alleged targeting of State Department phones shows the Office of the diplomatic security department needs to do more to secure these devices.

“NSO has been an obvious threat to national security for years, and the fact that these violations have occurred and that Apple is required to make the notification, shows that the threat was not taken seriously enough,” said Scott-Railton to CNN.

Earlier this week, Uganda Democratic Party Chairman Norbert Mao said he had received an Apple notification that his phone was targeted.

“When you wake up to a threat notification from @Apple that your phone is being targeted, you know the cyber terrorism from state sponsored cyber terrorists is real,” he said. tweeted.

About Jessica J. Bass

Check Also

UK court convicts chairman of bankrupt Harlequin Group over $274m Caribbean fraud

The chairman of luxury Caribbean hotel and resort developer Harlequin Group was found guilty on …