Israeli hacking firm NSO Group is mostly known for selling high-tech malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world.
However, the phone hacking company has recently become the victim of an insider breach attack carried out by a 38-year-old former NSO employee, who stole the source code for the company's most powerful spyware called Pegasus and tried to sell it for $50 million on the dark web in various cryptocurrencies, including Monero and Zcash, Israeli media reported.
That's much higher than the actual NSO Group's price tag for Pegasus, which reportedly sells for under $1 million per deployment.
If you remember, Pegasus is the same spyware that was used to target human rights activist Ahmed Mansoor in the United Arab Emirates in mid-2016.
Pegasus can hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, calendar entries, emails, WhatsApp messages, user's location, microphone, and camera—all without the victim's knowledge.
According to an indictment filed by Israel's attorney general, which does not name the employee, the accused worked in NSO's quality assurance department, and upon realizing that he was going to lose his job, he copied top-secret code from NSO's networks to an external hard drive after disabling McAfee security software on his PC.
Zero Trust + Deception: Learn How to Outsmart Attackers!
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Save My Seat!
Following his dismissal on April 29, the accused contacted an unidentified individual on the darknet, representing himself as a member of a hacking crew who had successfully broken into NSO computers and attempted to sell the hard drive containing the spyware code for $50 million.
Ironically, the buyer himself in turn informed the company about their leaked hacking tools and the sale on the dark web.
NSO Group said the company quickly identified the breach and unnamed suspect and contacted the authorities, adding that no material had been shared with any third-party and that no customer data or information was compromised.
The suspect was arrested on June 5, and the stolen property was secured. He was then charged with an attempt to sell security tools without an appropriate license, employee theft, and attempt to harm property in a manner that could hurt state security.
With 500 employees and valued at $900 million, NSO Group has been in a deal worth $1 billion with US-based software company Verint Systems who's willing to merge its security division with NSO, revealed in May this year.