According to Reuters, 9 Apple phones of US State Department employees working in Uganda or on Ugandan matters were hacked by a still-unknown assailant or assailant group.
The spyware used to pry into the diplomats’ phones was created by a shadowy Israeli company called the NSO Group.
The highly capable Pegasus spyware is reportedly capable of capturing encrypted messages, finding and capturing photos and other information on phones it’s used to hack, and also turning those infected phones into devices that record and monitor surroundings
Reuters adds that this was the spyware group’s response:
NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled access for the relevant customers and would investigate based on the Reuters inquiry.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have.”
[…]In a public response, NSO has said its technology helps stop terrorism and that they’ve installed controls to curb spying against innocent targets.
For example, NSO says its intrusion system cannot work on phones with U.S. numbers beginning with the country code +1.
NSO also reportedly said that it only sells the software to law enforcement or intelligence community clients.
However, while NSO might argue that its software is only used by responsible parties and can’t target Americans, the US government views the company in a far less sanguine manner.
In fact, the US Commerce Department added the group to its “Entities List,” making it far harder for any American company to do business with the group. At the time NSO was added, the Commerce Department had this to say:
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct translational repression, which is the practice of authoritarian governments targeting dissidents, journalists, and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.
So, the problem has gotten so bad that NSO, a company in Israeli, which is supposed to be an American ally, is “engaging in activities that are contrary to the national security or foreign policy interests of the United States.“