The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices.
In November, Apple sent thousands of messages to iPhone owners, including the EU officials, to notify them they were “targeted by state-sponsored attackers.”
“It was the first time Apple had sent a mass alert to users that they were in government hackers’ crosshairs.” reported the Reuters. “The warnings triggered immediate concern at the commission, the two officials said. In a Nov. 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.”
Security researchers said that Apple sent the warnings to its users targeted between February and September 2021. The Pegasus spyware used the ForcedEntry zero-day exploit to compromise the recipients’ devices without their interaction.
“IT experts examined at least some of the officials’ smartphones for signs of compromise but the results were inconclusive, according to the two EU sources, who spoke on condition of anonymity because they weren’t authorized to speak to the press.” concludes the report. “Reuters has not been able to determine whether the commission is still investigating the matter.”
NSO sent a statement to Reuters to exclude the involvement of its surveillance tools in the attacks reported by the agency. The targeting described by Reuters “could not have happened with NSO’s tools.”
According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials.
In December, Apple warned that the mobile devices of at least nine US Department of State employees were compromised with NSO Group‘s Pegasus spyware.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, Pegasus)