Apple Notifies U.S. State Department Employees That Pegasus Is Targeting Their iPhones
Last month, Apple launched a lawsuit against NSO Group in an attempt to shut down the notorious Pegasus spyware, promising to help fund research to combat the abuse of such tools.
At the same time, Apple promised to begin notifying anybody it believes has been targeted by Pegasus and other similar spyware. The results of these disclosures have started to show just how pervasive and insidious these tools have become.
Within hours of Apple’s announcement, six Thai activists and researchers received alerts that their iPhones may have been targeted by “state-sponsored attackers.” A few days later, a Polish prosecutor received a similar alert.
However, this is likely just the tip of the iceberg, as these are just the reports we know about. All these activists had one thing in common: They were known to be critical of their respective governments and had regularly spoken out against corrupt practices by politicians and other leaders.
However, now it looks like Pegasus has hit even closer to home, with several U.S. State Department employees receiving notifications that their iPhones had been compromised — most likely by Pegasus.
Spyware Attacks on U.S. Officials
According to Reuters, at least nine U.S. officials working on matters related to Uganda received the alerts from Apple last week that a state-sponsored attack had targeted them. Although Apple’s alerts do not identify the specific spyware used in the attack, it’s widely believed to be the NSO Group’s Pegasus tool.
A July 2021 investigative report by The Washington Post revealed that some U.S. officials had been included on a list of potential Pegasus targets that includes more than 50,000 phone numbers. Still, it wasn’t clear whether those officials had actually been targeted, nor whether any attacks had succeeded.
Thanks to Apple’s alerting system, however, we now know that at least some officials did fall victim to these types of attacks, although it remains unclear who is actually behind them.
Reuters noted that it was easy to identify the victims as American citizens and U.S. government employees, as their Apple IDs were email addresses at the official state.gov domain.
These intrusions represent the widest known hacks of U.S. officials using NSO technology. However, it appears that these particular State Department employees are being targeted due to their involvement in trying to help quell the current political unrest in Uganda.
Norbert Mao, the President of the Democratic Party in Uganda, also shared that he had woken up to a similar threat notification from Apple back in November.
NSO Group has insisted that its spyware cannot be used on phones with North American numbers — phones that begin with +1 are basically on a Pegasus block list. So it makes sense that the State Department officials in question were using iPhones registered with foreign telephone numbers, most likely numbers based in Uganda, in support of their work in meeting with Ugandan opposition leaders.
However, Reuters also adds that it “has no evidence the hacks were related to current events in Uganda.” A senior Biden Administration official said that the U.S. government has seen “system abuse” in multiple countries involving NSO’s Pegasus spyware.
For its part, NSO Group released a statement last week saying that it had no evidence that its tools were used but that it had also “canceled access for the relevant customers” and would be investigating further.
If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place.
NSO spokesperson
As Reuters explains, the Israeli Ministry of Defense must approve export licenses for NSO for it to be permitted to sell its technology internationally. However, some of its best-known past clients have included Saudi Arabia, the United Arab Emirates, and Mexico.
However, the Israeli embassy in Washington released a statement saying that targeting U.S. officials would “be a serious breach of its rules.”
Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes. The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.
Israeli embassy spokesperson
Nonetheless, thanks to Apple’s more proactive stance on notifying targets of Pegasus and other state-sponsored spyware, it appears that some of these rules have been broken. It remains to be seen what will come of Apple’s lawsuit against NSO Group, but at the very least, it seems that Apple’s notifications are working as designed to bring these intrusions into the light of day.