US State Department phones hacked with Pegasus software

At least a dozen employees of the US State Department working with Uganda suffered hacks your iPhones with spyware made by NSO Group, according to a Reuters report.

The Wall Street Journal has corroborated the story, putting the number of US and Ugandan embassy workers hacked at 11. While it is unclear who carried out the attacks, the NSO Group says it only sells its software to government organizations that have obtained the approval of the Israeli government.

NSO has claimed that their spyware cannot target US phone numbers (i.e., numbers with a +1 country code). This case does not appear to refute that claim: Reuteurs reports that while the people attacked were State Department employees, they were using foreign phone numbers.

Espionage against the United States in “the last months”

US State Department phones hacked with Pegasus software.

Still, the devices were used for official State Department business, suggesting that NSO may now be involved in an espionage effort against the US government. According to Reuters, the attacks occurred in “the last few months.”

NSO’s Pegasus spyware is capable of remotely logging data from an infected iOS or Android device and can be used to covertly turn on a phone’s microphones or cameras.

It is also designed to infect phones using a “zero click” attack, in which spyware can be installed without the target clicking a link or taking any action. Pegasus is not supposed to leave any traces either, although researchers have developed some methods to determine if a phone was hacked by it.

What is the NSO Group?

US State Department phones hacked with Pegasus software.

Israel-based NSO Group must obtain approval from the Israeli Defense Ministry before selling its software to another government agency. NSO co-founder Shalev Hulio has insisted the company doesn’t know who its customers are spying on with its software.

AmericanPost.News reports that the company also noted that it will investigate customers if they are using Pegasus on off-limits targets and will cut off customer access to software if there is evidence of abuse.

Follow us on Google News, Facebook and Twitter to stay informed.