Apple Reportedly Notified Some U.S. State Department Employees They May Have Been Targeted by NSO Group Spyware
Apple has notified at least nine U.S. Department of State employees that they may have been targeted by state-sponsored spyware created by Israeli company NSO Group, according to a Reuters report citing four people familiar with the matter.
A spokesperson for NSO Group told Reuters that it will investigate and take legal action against customers using its tools illegally if necessary.
"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," said an NSO spokesperson, who added that NSO will also "cooperate with any relevant government authority and present the full information we will have."
Last month, Apple filed a lawsuit against NSO Group to "hold it accountable" for state-sponsored spyware targeting Apple users. Apple also said it would contribute $10 million to organizations pursuing cybersurveillance research and advocacy.
Apple said NSO Group's "spyware product" Pegasus was used to attack a "very small number of users" across multiple platforms, including iOS and Android.
Apple's legal complaint provides new information on NSO Group's FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim's Apple device and install the latest version of NSO Group's spyware product, Pegasus. […]
To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim's device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim's knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.
Apple said NSO Group's spyware could allow for attackers to "access the microphone, camera, and other sensitive data on Apple and Android devices." Apple added that iOS 15 includes new security protections and, as of November 23, Apple said it had not observed any evidence of successful remote attacks against devices running any iOS 15 version.
In a support document, Apple said it would notify users who may have been targeted by email and iMessage "in accordance with industry best practices."
If Apple discovers activity consistent with a state-sponsored attack, we notify the targeted users in two ways:
- A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user's Apple ID.
These notifications provide additional steps that notified users can take to help protect their devices.
Through the lawsuit and notifications, Apple aims to cut down on the abuse of state-sponsored spyware.
"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," said Apple's software engineering chief Craig Federighi. "That needs to change."
(Thanks, Jordan Golson!)
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.