Almost a dozen US diplomats working in Uganda have reportedly had their iPhones hacked by Pegasus spyware, in the first case of the malware created by Israeli company NSO being used against US government targets.
Apple has alerted eleven US diplomats either working in Uganda or on matters concerning the East African country that their phones had been penetrated by Pegasus, Reuters and the Washington Post reported on Friday, citing anonymous sources familiar with the matter.
The hack took place over the “last several months,” said Reuters, adding that the phones targeted had foreign numbers. NSO, the firm behind Pegasus, has maintained its malware cannot work on iPhones with US numbers.
While the State Department and Apple did not officially comment on the report, NSO issued a statement reacting to the allegations.
“Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations,” said NSO spokesperson Oded Hershkovitz.
While the company has not received “any information nor the phone numbers, nor any indication that NSO’s tools were used in this case,” at this point, they are ready to “cooperate with any relevant government authority and present the full information we will have,” Hershkovitz added.
NSO has close ties with the Israeli defense and intelligence communities, and the Israeli Defense Ministry must approve export licenses for their products. Historically, the company’s clients have included Saudi Arabia, the United Arab Emirates, and Mexico.
Targeting US officials would be a serious breach of the rules, the Israeli embassy in Washington said in a statement on Friday.
“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” an embassy spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”
The United States National Security Council did not directly comment on the accusations, but issued a statement on Friday saying they have been “acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to US personnel.”
This is why the “Biden-Harris Administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List,” the NSC added.
The US blacklisted NSO in October, citing Pegasus revelations. Apple has since sued to block NSO from accessing their devices, software, or service.