Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries.
The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked …
Pegasus spyware
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.
In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.
NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted.
Apple alerts
By the nature of zero-click attacks, it’s only possible to identify and patch the vulnerability after it has already been exploited. However, Apple has come up with ways to spot signs of a compromised iPhone, and it now sends alerts to devices it believes have fallen victim to a Pegasus attack.
Apple has sent these alerts to a range of people, including pro-democracy protestors in Thailand, senior European Union officials, a Polish prosecutor, and US State Department staff.
At least a dozen hacks in Armenia/Azerbaijan conflict
The Guardian reports that at least a dozen people had their iPhones hacked by Pegasus spyware.
Researchers have documented the first known case of NSO Group’s spyware being used in a military conflict after they discovered that journalists, human rights advocates, a United Nations official, and members of civil society in Armenia were hacked by a government using the spyware.
The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears closely linked to events in the long running military conflict between Armenia and Azerbaijan over the contested Nagorno-Karabakh region.
Apple detected that the devices had been compromised, and sent alerts to victims. These included Anna Naghdalyan, who was an Armenian foreign office spokesperson at the time. Her phone was hacked at least 27 times, according to the report.
Researchers said the timing of the attacks put her “squarely in the most sensitive conversations and negotiations related to the Nagorno-Karabakh crisis”, including the ceasefire mediation attempts by France, Russia, and the US and official visits to Moscow and Karabakh.
Naghdalyan told Access Now that she had “all the information about the developments during the war on [her] phone” at the time of her hacking
All the evidence points to Azerbaijan government
While researchers say that they cannot absolutely determine who carried out the spyware attacks, there is “substantial evidence” that Azerbaijan has a Pegasus contract.
Additionally, the victims selected for the hacks would also point to the Azerbaijan government. Neither government responded to a request for comment.
Pegasus threat remains
The US government banning the use of Pegasus by its own agencies had a severe impact on NSO’s finances, and the fact that Apple is now able to alert victims makes the spyware significantly less useful. Apple also offers a Lockdown Mode, allowing high-risk individuals to harden their iPhone against Pegasus, but at the cost of a great deal of functionality.
However, NSO’s financial struggles potentially make it more dangerous, as it reportedly planned to sell its software to red-flagged countries.
Photo: Антон Дмитриев/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments