Exclusive-U.S. State Department phones hacked with Israeli company spyware
© Reuters. FILE PHOTO – The logo for Israeli cyber company NSO Group can be seen in one of its branches, Arava Desert. It was taken July 22, 2021. REUTERS/Amir Cohen/File Photo
Christopher Bing, Joseph Menn
WASHINGTON/SAN FRANCISCO – According to at least four persons familiar with the situation, Apple Inc iPhones belonging to nine U.S. State Department workers were hacked. The attacker used sophisticated spyware from the Israel-based NSO Group.
According to two sources, the hacks took place over several months. They targeted U.S. officers who were either based in Uganda or focused on East African issues.
These intrusions are the largest known hacks against U.S. officials using NSO technology. In the past, there was a list of possible targets that included some American officials. However, it wasn’t clear if intrusions had ever been attempted or successful.
Reuters was unable to determine which cyberattack was launched.
NSO Group said in a statement on Thursday that it did not know whether its tools had been used, but that it had canceled the relevant accounts and would conduct an investigation based upon the Reuters inquiry.
An NSO spokesperson said that if the company’s investigation shows these actions were indeed carried out with NSO’s tools, the customer will be terminated permanently and legal action will ensue.
NSO has stated for many years that it sells its products only to intelligence and government clients, helping them monitor security threats, and that it does not direct surveillance.
Officials at the Uganda Embassy in Washington did not respond to our request. An Apple spokesperson refused to comment.
The State Department spokeswoman declined to discuss the intrusions and instead pointed to the Commerce Department’s decision to put the Israeli company on an entity list, which makes it more difficult for U.S. businesses to do business with it.
NSO Group and another spy firm were added to the Entity List based upon a determination that they developed and provided spyware to foreign governments, and that this tool is used to maliciously target journalists, government officials, businesspeople and activists as well as diplomats, the Commerce Department stated in an announcement last month.
EASILY IDENTIFIABLE
NSO software has the ability to capture sensitive data, including photos, from infected devices and also to turn those devices into surveillance tools. This is based upon Reuters’s review of product manuals.
Apple didn’t name the source of this spyware in the alert it sent to users affected by the hack.
The victims Apple alerted about this attack included American citizens. Two individuals said that the victims could be identified as U.S. employees because email addresses ending in state.gov were associated with their Apple IDs.
The sources claimed the victims, along with other Apple targets in multiple countries, were infected via the same graphics processing vulnerability that Apple didn’t fix until September.
According to researchers, the software flaw has allowed NSO customers to gain control over iPhones since at least February. They simply needed to send tainted iMessages to the device.
For the hack to succeed, victims wouldn’t need to see or interact with a prompt. A version of NSO’s surveillance program, Pegasus, could then be downloaded.
Apple made the announcement that it would notify victims on Monday, as it also sued NSO Group, accusing the company of helping customers gain access to Apple’s iOS mobile software.
NSO stated in a response that its technology aids in stopping terrorism. It also said it has controls installed to stop spying on innocent targets.
NSO, for example, says that its intrusion software cannot be used on phones with U.S. numbers starting with country code +1.
However, in the Uganda case the State Department staff were using iPhones registered with foreign phone numbers, which did not have the U.S. country code, according to two sources.
A senior Biden administration official, speaking on condition of anonymity, said that the threat to U.S. personnel overseas was a reason the administration is cracking down on companies such as NSO and seeking new global discussions about spying limitations.
The official added that there has been “systemic abuse” of NSO’s Pegasus spyware in several countries.
Saudi Arabia and Mexico were once well-known clients of NSO Group.
NSO must be approved by the Israeli Ministry of Defense to export its technology to international markets. NSO has strong ties with Israel’s intelligence and defense communities.
According to the Israeli Embassy in Washington, targeting American officials is a grave violation of its rules.
An embassy spokesperson stated that cyber products such as the ones mentioned are licensed and supervised for export to countries only to combat terrorism and other serious crimes. The licensing requirements are clear. If these claims are true, it would be considered a grave violation.
