Apple Warns of Further Compromises by Israel’s NSO Group

The NSO Group, known for their suite of exploitation tools, has once again found itself at the center of unwanted attention when Apple revealed that it had warned a number of individuals, including 11 members of the U.S. Embassy Kampala mission that their iPhones had been compromised. The compromise was carried out, according to Apple, by an unknown entity using the “Pegasus” spyware designed by NSO Group.

NSO Group pledged to terminate their sales and support to customers that were abusing its software, but has yet to identify those customers, including those behind the compromise of U.S. Department of State personnel. In a not-very-reassuring move, telephone numbers with the U.S. country code of +1 are supposedly blocked from exploitation by NSO Group’s Pegasus software.

AWS Builder Community Hub

The question remains: Who is the NSO Group customer targeting U.S. interests?

Eyes on NSO Group

In July 2021, the NSO Group characterized their toolkit as the reason millions of people around the world could sleep well at night because their technology was made available to intelligence and law enforcement agencies combatting, among other things, terrorism, according to the Business-Standard.

But also in July 2021, the government of Israel announced the formation of a senior inter-ministerial team to determine if the spyware being developed by Israeli firms was, in fact, being abused. Contemporaneously, French president Emmanuel Macron called for an investigation into Pegasus after learning that he had been targeted by the spyware.

In September 2021, Citizen Lab provided their independent research on the spyware, which caused Apple to update their iOS to address the identified vulnerability.

On November 3, 2021 the U.S. Commerce Department added NSO Group to its entity list for malicious cyber activities. NSO Group was described as a company which “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers.”

The National Security Council statement concerning this turn of events involving NSO Group was blunt: “We have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel, which is one of the reasons the Biden-Harris administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List.”

Targets Identified by Apple

On November 23, 2021, Apple sued NSO Group, describing the entity as “notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Two days later, they began sending out notices to individuals in Uganda, El Salvador and Thailand advising them that their devices were being targeted:

“These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously.”

Craig Federighi, Apple’s senior vice president of software engineering, commented, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

NSO Group, for its part, disavows any knowledge of abuse or misuse, noting they just sell the tools—the customer determines the target.

It is expected that Apple’s visibility into the victims of the NSO spyware is not limited to only three countries, and that similar notifications will be forthcoming for other targets and locations.

Summit for Democracy

The United States is leading a global initiative at the upcoming Summit for Democracy which will bring together over 100 nations on December 9 and 10, 2021. The initiative’s goal will be to prevent authoritarian governments from using technology to conduct surveillance and human rights abuses. The spyware developed by the NSO Group no doubt will be top-of-mind during these discussions.


Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 186 posts and counting.See all posts by burgesschristopher