Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post.
At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.
The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees.
NSO Group is the maker of Pegasus, military-grade spyware that allows its government clients to stealthily plunder files and photos, eavesdrop on conversations, and track the whereabouts of their victims. Pegasus uses zero-click exploits sent through messaging apps to infect iPhones and Android devices without requiring targets to click links or take any other action, but is by default blocked from working on U.S. phone numbers.
In response to the reports, the NSO Group said it will investigate the matter and take legal action, if necessary, against customers for using its tools illegally, adding it had suspended "relevant accounts," citing the "severity of the allegations."
It's worth noting that the company has long maintained it only sells its products to government law enforcement and intelligence clients to help monitor security threats and investigate only terrorists and criminals. But evidence gathered over the years has revealed a systematic abuse of the technology to spy on human rights activists, journalists and politicians from Saudi Arabia, Bahrain, Morocco, Mexico, and other countries.
NSO Group's actions have cost it dear, landing it in the crosshairs of the U.S. Commerce Department, which placed the company on an economic blocklist last month, a decision that may have been motivated by the aforementioned targeting of U.S. foreign diplomats.
To add to the pressure, tech giants Apple and Meta have waged a legal onslaught against the company for illegally hacking their users by exploiting previously unknown security flaws in iOS and the end-to-end encrypted WhatsApp messaging service. Apple also said it began sending threat notifications on November 23 to alert users it believes have been targeted by state-sponsored attackers.
To that end, the notifications are being delivered to affected users via email and iMessage to the addresses and phone numbers associated with the users' Apple IDs, alongside displaying a prominent "Threat Notification" banner at the top of the page when impacted users log into their accounts on appleid.apple[.]com.
"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," Apple's software engineering chief Craig Federighi previously said. "That needs to change."
The disclosures also coincide with a report from The Wall Street Journal that detailed the U.S. government's plans to work with over 100 countries to limit the export of surveillance software to authoritarian governments that use the technologies to suppress human rights. China and Russia are not expected to be a part of the new initiative.