Skip to main content

Apple alerted Pegasus spyware victims during first known use in a military conflict

Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries.

The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked …

Pegasus spyware

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted.

Apple alerts

By the nature of zero-click attacks, it’s only possible to identify and patch the vulnerability after it has already been exploited. However, Apple has come up with ways to spot signs of a compromised iPhone, and it now sends alerts to devices it believes have fallen victim to a Pegasus attack.

Apple has sent these alerts to a range of people, including pro-democracy protestors in Thailand, senior European Union officials, a Polish prosecutor, and US State Department staff.

At least a dozen hacks in Armenia/Azerbaijan conflict

The Guardian reports that at least a dozen people had their iPhones hacked by Pegasus spyware.

Researchers have documented the first known case of NSO Group’s spyware being used in a military conflict after they discovered that journalists, human rights advocates, a United Nations official, and members of civil society in Armenia were hacked by a government using the spyware.

The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears closely linked to events in the long running military conflict between Armenia and Azerbaijan over the contested Nagorno-Karabakh region.

Apple detected that the devices had been compromised, and sent alerts to victims. These included Anna Naghdalyan, who was an Armenian foreign office spokesperson at the time. Her phone was hacked at least 27 times, according to the report.

Researchers said the timing of the attacks put her “squarely in the most sensitive conversations and negotiations related to the Nagorno-Karabakh crisis”, including the ceasefire mediation attempts by France, Russia, and the US and official visits to Moscow and Karabakh.

Naghdalyan told Access Now that she had “all the information about the developments during the war on [her] phone” at the time of her hacking

All the evidence points to Azerbaijan government

While researchers say that they cannot absolutely determine who carried out the spyware attacks, there is “substantial evidence” that Azerbaijan has a Pegasus contract.

Additionally, the victims selected for the hacks would also point to the Azerbaijan government. Neither government responded to a request for comment.

Pegasus threat remains

The US government banning the use of Pegasus by its own agencies had a severe impact on NSO’s finances, and the fact that Apple is now able to alert victims makes the spyware significantly less useful. Apple also offers a Lockdown Mode, allowing high-risk individuals to harden their iPhone against Pegasus, but at the cost of a great deal of functionality.

However, NSO’s financial struggles potentially make it more dangerous, as it reportedly planned to sell its software to red-flagged countries.

Photo: Антон Дмитриев/Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications