Apple has reportedly warned several US Department of State employees their phones were hacked by an unidentified attacker using spyware that was developed by NSO Group.
Reuters reports that “at least nine” State Department employees “either based in Uganda or focused on matters concerning the East African country” were hacked. The Apple IDs on the compromised devices were said to be associated with their “@state.gov” email addresses.
Apple’s disclosure was made as part of its broader effort to warn its customers who have been targeted by spyware, according to the report, which the company announced in November alongside its lawsuit seeking to prevent NSO Group from buying any of its products.
The disclosure also follows the US Department of Commerce’s decision to add NSO Group to the Entity List for supplying its spyware to governments that used it “to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
NSO Group tells Reuters that it doesn’t know if its spyware was used to hack these State Department employees, but it’s said to have “canceled the relevant accounts,” which suggests the company has some idea of the organization responsible for compromising the devices.
“If our investigation shall show these actions indeed happened with NSO’s tools,” an NSO Group spokesperson tells Reuters, “such customer will be terminated permanently and legal actions will take place.” The company also says it will comply with government investigations into the issue.
Source: https://au.pcmag.com/security/91270/apple-nso-group-spyware-was-used-against-state-dept-employees