Security News

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. The disclosure comes as a special inquiry committee was launched in April 2022 to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members.

NSO Group told European lawmakers this week that "Under 50" customers use its notorious Pegasus spyware, though these customers include "More than five" European Union member states. Generally speaking, a target selected by an NSO customer has their phone or other device infected with hidden spyware via the exploitation of one or more security vulnerabilities.

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists.

An unknown zero-click exploit in Apple's iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists. Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday that claims 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts the controversial Israeli firm the NSO Group and a second firm Candiru were behind the campaigns that took place between 2017 and 2020.

The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected with, surveillance software. On Monday, Citizen Lab, a part of at the University of Toronto's Munk School, said it had found likely NSO Group Pegasus spyware infections on devices associated with UK Prime Minister Boris Johnson's office, 10 Downing Street, and on devices linked to the FCO, now called the FCDO, or the Foreign Commonwealth and Development office.

Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists. "Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.

Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report. European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.

The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland's diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. Last summer, the Guardian newspaper published a report from journalists who reviewed data leaked from NSO Group that found 50,000 phone numbers they believe were being monitored for their clients, dating back to 2016, including Amnesty International employees, human rights lawyers and more.

Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. "Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity," the Ministry said in a statement published today.

Citizen Lab published another report on the spyware used against two Egyptian nationals. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.