Security News > 2020 > May > NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.
The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks.
Facebook is in the process of suing the NSO Group over its alleged use of a zero-day exploit for Facebook-owned WhatsApp.
Facebook also claims to have evidence that NSO Group launched some of its WhatsApp hacks last year from cloud infrastructure hosted in the U.S.: Court documents filed by Facebook in April detailing alleged specific U.S. IP addresses used by NSO Group, hosted by California-based QuadraNet as well as Amazon.
In a related link to the NSO Group situation, the IP address provided to Motherboard by the NSO Group former employee allegedly resolved to domains registered with Namecheap, including the fake Facebook security portal, Motherboard noted.
News URL
https://threatpost.com/nso-group-impersonates-facebook-security/156021/
Related news
- NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (source)
- U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case (source)
- Report: Voice of Practitioners 2024 – The True State of Secrets Security (source)
- NIST report on hardware security risks reveals 98 failure scenarios (source)
- NSO Group used another WhatsApp zero-day after being sued, court docs say (source)
- NSO Group Spies on People on Behalf of Governments (source)