Security News
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists. "Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.
Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report. European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.
The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland's diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. Last summer, the Guardian newspaper published a report from journalists who reviewed data leaked from NSO Group that found 50,000 phone numbers they believe were being monitored for their clients, dating back to 2016, including Amnesty International employees, human rights lawyers and more.
Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. "Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity," the Ministry said in a statement published today.
Citizen Lab published another report on the spyware used against two Egyptian nationals. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.
Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses. In a letter [PDF] signed by US Senator Ron Wyden, House Intelligence Committee Chairman Adam Schiff, and 16 others, the legislators urge Secretary of the Treasury Janet Yellen and Secretary of State Antony Blinken to apply sanctions to the NSO Group, UAE-based DarkMatter Group, and EU-based Nexa Technologies and Trovicor, under the Global Magnitsky Act.
NSO Group's descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees.
The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters. NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.
Apple has warned at least nine US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. "On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have," an NSO spokesperson separately told Motherboard.
The complaint alleges that the maker of the infamous Pegasus mobile spyware is responsible for the illegal surveillance of Apple users. "In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place," said Ivan Krstić, head of apple security engineering and architecture, in an Apple statement, issued Monday.