Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group.
The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees.
Pegasus uses zero-click exploits sent through messaging apps to infect iPhones and Android devices without requiring targets to click links or take any other action, but are by default blocked from working on U.S. phone numbers.
Evidence gathered over the years has revealed a systematic abuse of the technology to spy on human rights activists, journalists and politicians from Saudi Arabia, Bahrain, Morocco, Mexico, and other countries.
NSO Group’s actions have cost it dear, landing it in the crosshairs of the U.S. Commerce Department, which placed the company in an economic blocklist last month, a decision that may have been motivated by the aforementioned targeting of U.S. foreign diplomats.
Tech giants Apple and Meta have since waged a legal onslaught against the company for illegally hacking their users by exploiting previously unknown security flaws in iOS and the end-to-end encrypted WhatsApp messaging service. Apple, in addition, also said it began sending threat notifications to alert users it believes have been targeted by state-sponsored attackers.
Notifications will be delivered to affected users via email and iMessage to the addresses and phone numbers associated with the users’ Apple IDs, and a prominent “Threat Notification” banner will be displayed at the top of the page when impacted users log into their accounts on appleid.apple[.]com.
The disclosures also coincide with a report from The Wall Street Journal that detailed the U.S. government plans to work with over 100 countries to limit the export of surveillance software to authoritarian governments that use the technologies to suppress human rights. China and Russia are not expected to be a part of the new initiative.