A number of senior officials from the European Commission were reportedly targeted with spyware built by the infamous Israeli NSO Group, but the company denies involvement and claims its tools weren’t used.
Reuters reports that back in November 2021, Apple warned “thousands of iPhone owners” that they were being targeted by “state-sponsored attackers”.
Among them was senior Belgian statesman, Didier Reynders.
The tools used for the attack, the researchers claim, include ForcedEntry, a software built by NSO Group to help government intelligence agencies invisibly take control over iPhone endpoints (opens in new tab).
But NSO “just” sells the tool, and researchers are yet to determine who bought it. The Israelis said these particular attacks “could not have happened with NSO’s tools.”
To say that NSO Group is a controversial firm would be a severe understatement. The company is known for building cyber-espionage tools, often used by government agencies to spy on their citizens, political opponents, human rights activists, and journalists, prompting many users to connect to the internet only via VPN (opens in new tab), from a trusted device.
In early November 2021, the company was blacklisted in the United States. Commenting on the decision, it said it was “dismayed”, since its technologies “support US national security interests and policies by preventing terrorism and crime.”
The same month, Apple sued the company, holding it accountable for circumventing iPhone security mechanisms (opens in new tab) in order to surveil Apple users via its Pegasus spyware.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.
A month later, it was discovered that the Facebook-owned messaging service WhatsApp sued NSO after discovering the firm exploited a flaw to snoop on users.
Facebook accused NSO of violating the US Computer Fraud and Abuse Act and remotely hijacking the messaging app of 1,400 users which include hundreds of journalists and human rights defenders.
Via: Reuters (opens in new tab)