The Pegasus Spyware
An unknown adversary may have used state-sponsored spyware manufactured by the infamous Israeli company NSO Group to target many U.S. Embassy and State Department personnel, according to various reports from Reuters and The Washington Post.
An investigation is underway to determine the identities of the threat actors behind the intrusions and the nature of the information obtained from at least 11 U.S. Embassy officers who are in Uganda or focus on matters related to the country.
The attacks, which have taken place in the last few months, are the first time sophisticated monitoring software has been used against U.S. government officials.
The military-grade spyware developed by NSO Group enables its government customers to steal data and images, listen in on conversations, and follow the movements of its victims. Known as Pegasus, the malware uses zero-click exploits delivered via messaging applications to infect iPhones and Android devices without needing targets to click links or take any other action, but it is by default restricted from operating on U.S. phone numbers.
When NSO Group learned of complaints of illicit use of its tools, it announced that it would conduct an investigation and, if required, take legal action against customers who misused its products, noting the “severity of the allegations”.
The company has always asserted that it sells its products exclusively to government law enforcement and intelligence customers to assist in monitoring security concerns and tracking down terrorists and thieves. However, evidence accumulated over the years has shown that the technology has been used to eavesdrop on human rights activists, journalists, and politicians from Saudi Arabia, Bahrain, Morocco, Mexico, and other countries.
As a result of its activities, NSO Group was put on an economic blacklist by the U.S. Commerce Department, a move that may have been made in response to the aforementioned targeting of U.S. foreign ambassadors.
Tech giants Apple and Meta have launched legal action against the company for unlawfully hacking their users by exploiting previously discovered security holes in iOS and the end-to-end encrypted WhatsApp messaging service. Additionally, on November 23, Apple started issuing threat warnings to customers who the iPhone maker thinks have been targeted by state-sponsored attackers.
Around the time of these revelations, a report from the Wall Street Journal disclosed that the U.S. government is planning to cooperate with more than 100 countries on an agreement to prohibit the sale of surveillance software that authoritarian governments use to suppress human rights. The new agreement is not likely to include China or Russia.