NSO Group tech reportedly used to hack US officials’ iPhones

The intrusions mark the first confirmed hack of U.S. officials’ phones with the NSO Group software.

Nearly a dozen iPhones associated with U.S. State Department employees were hacked using spyware developed by Israel-based NSO Group, Reuters first reported Friday.

The attacks were carried out in the last several months by an unknown assailant on U.S. officials either based in Uganda or focused on the country, sources told Reuters. The Washington Post and CNN also confirmed the intrusions.

Previous reporting on NSO Group suggested that U.S. officials’ phones may have been targeted using software developed by NSO Group, but Friday’s report is the first to confirm successful breaches.

As many as 11 U.S. diplomats received notices from Apple that they may have been targeted with the spyware, the Post reported. On Nov. 23, Apple began notifying potential targets around the world that they may have been targeted by the NSO Group software; the same day, the tech firm announced a lawsuit against NSO Group for allegedly violating its terms of service.


NSO Group and another Israeli firm, Candiru, were added to the U.S. “entity list” on Nov. 3 after the U.S. government accused the firms of supplying spyware that foreign governments used to “maliciously target government officials, journalists, business people, activists, academics, and embassy workers.” The designation prohibits most transfers of products between U.S. companies and the two firms.

“We have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel, which is one of the reasons why the Biden-Harris Administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List,” the National Security Council told the Post in a statement.

NSO Group told both news organizations Friday that it had no indication its software was used in the attacks, but canceled the “relevant” accounts nonetheless. The company said it would also investigate the matter, permanently terminate any work with whichever customer carried out the attack, and cooperate with any external investigation.
