On Friday, Reuters shed new light on the Biden administration’s recent decision to sanction Pegasus spyware developer NSO Group. Citing four people “familiar with the matter,” the outlet reports an unknown assailant used the firm’s software to infect iPhones belonging to at least nine US State Department officials.
The attacks reportedly targeted federal employees who were either stationed in Uganda or whose work involved the East African country. Reuters wasn’t able to identify who was behind the hacks. The State Department also declined to comment on the report. NSO says it will investigate the matter.
“If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," a spokesperson for the company told Reuters. NSO said it would also “cooperate with any relevant government authority and present the full information we will have.”
NSO says its spyware can’t work on devices with US numbers that start with the country +1. But in the case of the State Department employees deployed to Uganda, they were reportedly using iPhones with local telephone numbers. They were also hacked before Apple released iOS 14.8, which addressed the CoreGraphics vulnerability NSO had exploited to allow its spyware to infect an iPhone without the victim even needing to tap on anything. On November 23rd, Apple sued NSO to “hold it accountable” for its actions.
Speaking on condition of anonymity, a senior Biden administration official told Reuters the threat to US officials is one of the reasons the White House is cracking down on NSO and working with allies to combat ransomware and other cybersecurity threats. On November 3rd, the Commerce Department added the company to its Entity List, preventing American companies from doing business with the firm. At the time, the company told Engadget it “dismayed” by the decision, and claimed its tools have helped the US by “preventing terrorism and crime.”