Several U.S. State Department officials had their Apple iPhones hacked by an unknown entity who used foreign spyware to access data on their devices, Reuters reported.
The hacks were carried out using spyware from Israeli technology firm NSO Group, which reportedly develops surveillance software designed to covertly monitor devices and access data, according to Reuters, who cited four people familiar with the matter.
The hacks targeted several officials based in Uganda or handling matters related to the country, according to Reuters, and they reportedly took place over the last few months. The outlet did not identify the source of the attacks.
When reached for comment, a State Department spokesperson told the Daily Caller News Foundation that the department was unable to confirm the reports but said it took its responsibility for protecting data and private information seriously. The spokesperson pointed to a November decision by the U.S. Department of Commerce to add NSO Group to its Entity List over concerns that the company was selling spyware to authoritarian governments.
The spokesperson did not identify the seniority of those targeted in the hacks or whether any secure data was accessed.
NSO Group did not immediately respond to the DCNF’s request for comment but told Reuters that it was not aware that its products were used in the attack and that the company would cooperate with relevant authorities to resolve the matter.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” an NSO spokesperson told Reuters.
The Israeli embassy in the U.S. told Reuters that if Reuters’ reporting was correct, NSO Group would be in violation of Israeli law.
“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” an Israeli embassy spokesperson told the outlet. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”
NSO Group was the subject of an extensive investigation by a consortium of media outlets and nonprofit groups reporting that its technology was being used by “authoritarian” regimes to spy on journalists and activists.
Canadian cybersecurity research outfit Citizen Lab reported in September that NSO Group’s “zero-day zero-click” spyware was used to remotely access data, including messages, emails, calls and photos, on an unknown number of Apple devices, prompting Apple to release emergency updates to its operating systems. NSO Group’s technology reportedly allowed users to infect devices, such as computers, smartphones and smart accessories, through messaging services without requiring the receiver to click on a link.
Apple sued NSO Group in November in relation to the reported hack, saying the company harmed the tech giant.