Security News > 2020 > May > NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.
The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks.
Facebook is in the process of suing the NSO Group over its alleged use of a zero-day exploit for Facebook-owned WhatsApp.
Facebook also claims to have evidence that NSO Group launched some of its WhatsApp hacks last year from cloud infrastructure hosted in the U.S.: Court documents filed by Facebook in April detailing alleged specific U.S. IP addresses used by NSO Group, hosted by California-based QuadraNet as well as Amazon.
In a related link to the NSO Group situation, the IP address provided to Motherboard by the NSO Group former employee allegedly resolved to domains registered with Namecheap, including the fake Facebook security portal, Motherboard noted.
News URL
https://threatpost.com/nso-group-impersonates-facebook-security/156021/
Related news
- Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure (source)
- UK activists targeted with Pegasus spyware ask police to charge NSO Group (source)
- The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025 (source)
- Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds (source)