Some foreign service officers in Uganda were among those who were informed that their iPhones had been compromised by an attack

Apple Inc. informed 11 U.S. State Department employees in Uganda last week that their iPhones had been hacked. According to a source familiar with the matter, investigators have linked this attack to NSO Group, an Israeli technology firm that was blacklisted under the Biden administration.

The State Department targeted employees were not all U.S citizens. Some were foreign service officers, but others appeared to be locals working at the embassy. According to the person, the hack phones were linked with State Department email addresses.

These alerts are the first cases in which NSO Group’s mobile hacking tool, Pegasus, has been used to target American officials.

NSO Group was placed on an export ban list by the Biden administration last month. This follows a series of articles by a global consortium a journalism organizations alleging that Pegasus (one of NSO Group’s main software intrusion tools) has been used worldwide by law-enforcement customers and intelligence customers to target and hack into cellphones belonging politicians, human rights activists, and journalists.

NSO Group stated that the inquiry had been received and that an investigation was under way. “Due to the seriousness of the allegations, we have decided to immediately end the access to the system for the relevant customers,” NSO Group stated in a statement. “To date, we have not received any information, the phone numbers or any indications that NSO’s tools are being used in this case.”

NSO Group did not identify the customer or customers who had their access terminated, but it said that it would cooperate with any government authorities looking into the matter. Apple follows a policy of notifying users if they suspect that they have been targeted. These notifications do not include the identity of those responsible. Reuters reported for the first time that at least nine State Department employees were hacked by an unknown NSO Group customer.

Although the State Department did not confirm these allegations, it said that it closely monitors cybersecurity conditions among its employees.

Apple sued NSO Group last week, claiming that the company engaged in “concerted attempts in 2021 to attack Apple customers, Apple products, servers, and users through dangerous malware, spyware, and Apple’s devices and software.” NSO Group is prohibited from using Apple products. This lawsuit follows one that WhatsApp brought in 2019, alleging NSO Group sent malware to 1,400 users. Meta Platforms Inc. is the owner of WhatsApp, formerly Facebook Inc.

NSO Group claims its technology has helped save lives by assisting law enforcement and intelligence agencies worldwide to pursue terrorists and other criminals. NSO Group also stated that it had terminated agreements with governments who have abused its software, and taken steps to prevent future abuse.

However, this has not been enough to placate the company’s critics who for many years have accused NSO Group as being one of the most prominent vendors on a growing commercial market for hacking tools. While governments may develop their own hacking tools through intelligence agencies such as the National Security Agency (NSA), others are increasingly looking to buy digital surveillance tools from companies that build and sell them.

Sen. Ron Wyden (Democratic member of Senate Intelligence Committee) stated Friday that companies that allow their customers to hack U.S. employees are a threat and should be treated so by the government. This was in response to State Department notifications.

Ticker Security Last   Change %
AAPL APPLE, INC. 166.09 +4.25 +2.63%
FB META PLATFORMS INC. 316.52 +9.69 +3.16%

NSO Group stated that certain restrictions are placed on the tools’ use, including the inability to work on U.S. telephone numbers. Friday’s statement by NSO Group acknowledged that once the software has been sold to a licensed customer, NSO does not know the identities of customers. As such, it was not possible to be aware of this.

Pegasus spyware can be used to pervasively monitor a phone once it is compromised. It basically creates a silent spying device which can access the phone’s files, messages, microphone, and camera. Researchers who studied the software have found that the NSO Group has created a variety of sophisticated methods to install it. One “zero-click” method was discovered earlier this year and could infect an iPhone without the owner having to click a link or open any file.