Skip to main content

NSO Group, maker of Pegasus spyware for iPhone and Android

47 'NSO' stories July 2020 - March 2024
See All Stories
NSO Group

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International that said that Pegasus was being used to mount zero-click attacks against human rights activists and other innocent targets.

An explosive report from Amnesty International interpreted device logs to reveal the scope of targeted malware attacks in active use targeting Android and iPhone devices, since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, as well as record phone calls and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.

Whilst the company claims to only sell the spyware software for legit counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).

In July 2021, Apple issued an iOS security fix that appears to match the exploit reportedly used by NSO, though security researchers say that Apple needs to do more.

NSO initially made contradictory statements, first saying that it had no way to monitor how its software was used, and subsequently denying that it was used against the targets described in Amnesty’s report. It then said it would issue no further statements, and would not be answering any questions from the media.

The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company, and alerting owners of infected iPhones. That put the company under extreme financial pressure, which may see it disappear – or may just make things worse.

For those most at risk – such as diplomats, politicians, government opponents, and activists – Apple has made available iPhone Lockdown Mode, which disables the most common attack paths.

iPhone spyware company NSO suffers major defeat in US court, in Meta lawsuit

Avatar for Ben Lovejoy Mar 1 2024 - 3:52 am PT
4 Comments
iPhone spyware company NSO must reveal code | Code on monitor viewed through glasses

The Android and iPhone spyware company NSO has suffered a major defeat in a US court, after a judge ruled that the company must hand over its Pegasus code to Meta.

It’s the latest setback for the company, which has been blacklisted in the US, sued by Apple, seen victims alerted by the iPhone maker, and faced severe financial problems

Expand Expanding Close

Apple sends iPhone hack warning to Indian opposition leader; walks tricky line

Avatar for Ben Lovejoy Oct 31 2023 - 6:04 am PT
14 Comments
iPhone hack warning | A copy of the alert message from Apple

Apple has sent iPhone hack warnings to the leader of India’s main opposition party, alongside other politicians opposing Narendra Modi’s government – placing Apple in a potentially delicate position.

A security researcher was also alerted, and shared a copy of the alert message he was sent, in which Apple advised enabling Lockdown Mode …

Expand Expanding Close

FBI found out who illegally used NSO spyware: It was the FBI

Avatar for Ben Lovejoy Aug 1 2023 - 5:26 am PT
21 Comments
FBI used NSO spyware | Hotdog car guy meme

Using NSO spyware has been illegal in the US since the government banned its import and use back in November 2021. When it was discovered that a US contractor had illegally used the spyware in April of this year, the FBI was asked to find out the identity of the end client.

That client turned out to be… the FBI.

Questions are now being asked about whether the FBI was the only government agency to receive illegally obtained data from the contractor, whose other clients include the Department of Defense and the Drug Enforcement Administration …

Expand Expanding Close

Turn off your iPhone for five minutes – Australian PM echoes cybersecurity advice

Avatar for Ben Lovejoy Jun 23 2023 - 5:54 am PT
25 Comments
Turn off your iPhone | Low-key photo of older iPhone

Australia’s prime minister has echoed the advice of cybersecurity professionals, in recommending that you turn off your iPhone for five minutes every night.

No, it’s not so you can reduce your daily Screen Time to 23 hours and 55 minutes, but to stop any spyware that may be running in the background on your device …

Expand Expanding Close

US govt banned NSO’s Pegasus, but said to buy rival spyware Paragon Graphite

Avatar for Ben Lovejoy May 30 2023 - 4:16 am PT
0 Comments
Site default logo image

The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.

Graphite reportedly has the same capabilities as Pegasus, and the US Drug Enforcement Administration (DEA) is said to be using it …

Expand Expanding Close

Apple alerted Pegasus spyware victims during first known use in a military conflict

Avatar for Ben Lovejoy May 25 2023 - 4:20 am PT
2 Comments
Apple alerted Pegasus spyware victims | Photo of razor wire

Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries.

The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked …

Expand Expanding Close

NSO zero-click iPhone hack accessed HomeKit, but blocked by Lockdown Mode

Avatar for Ben Lovejoy Apr 18 2023 - 5:39 am PT
9 Comments
NSO zero-click iPhone hack | Screenshot of Lockdown Mode alert

An NSO zero-click iPhone hack worked by gaining access to HomeKit on the device, but it was blocked by those using Apple’s Lockdown Mode security feature, with the phone alerting them to the access attempt.

However, two other NSO zero-click attacks seemingly succeeded – both exploiting vulnerabilities in the Find My app …

Expand Expanding Close

Pegasus spyware journalists had to take extreme measures to avoid becoming victims

Avatar for Ben Lovejoy Feb 6 2023 - 4:36 am PT
5 Comments
Pegasus spyware journalists | Abstract image

Pegasus spyware journalists Laurent Richard and Sandrine Rigaud were the first to discover an extensive list of specific people being targeted by NSO’s clients. In working on the story, they said they had to take extreme privacy precautions to avoid their own devices being compromised.

One of the major uses of Pegasus has been to silence journalists working on revealing abuses by tyrannical governments, so the risk of their own devices being hacked without their knowledge was very real …

Expand Expanding Close

Pegasus spyware defended by NSO’s CEO, as researcher compares it to a nuclear weapon

Avatar for Ben Lovejoy Jan 26 2023 - 7:28 am PT
7 Comments
Pegasus spyware | Nuclear explosion

Pegasus spyware – a zero-click way of remotely hacking an iPhone, and gaining access to all the personal data stored on it – has been defended by the company’s CEO. NSO chief exec said that the company had made “mistakes” in selling it to repressive governments, but claimed that it now sells Pegasus only to countries to whom the US sells weapons.

A security researcher said that the comparison was bogus, stating that a more reasonable comparison would be selling long-range nuclear missiles …

Expand Expanding Close

Pegasus spyware used against anti-corruption journalists in Mexico, despite government promises

Avatar for Ben Lovejoy Oct 3 2022 - 4:49 am PT
1 Comment
Pegasus spyware used | iPhone shown in red lighting

A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.

It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …

Expand Expanding Close

iPhone Lockdown Mode can be easily detected, could make you a target

Avatar for Ben Lovejoy Aug 26 2022 - 4:14 am PT
13 Comments
iPhone Lockdown Mode

iPhone Lockdown Mode is an extreme form of security designed to protect people who might find themselves targets of state-sponsored spyware, like Pegasus. However, a privacy activist says it also makes it easy for a website to detect when someone is using it – and has demonstrated this.

So what is designed to be protection against rogue governments could actually end up helping them identify people who may be of interest …

Expand Expanding Close

Congress wants further crackdown on spyware makers like NSO, after earlier import ban

Avatar for Ben Lovejoy Jul 26 2022 - 6:28 am PT
0 Comments
Spyware makers | Man in darkened room using MacBook

Congress is set to vote on The Intelligence Authorization Act, intended to further punish spyware makers like NSO. It follows evidence that the company’s Pegasus spyware was used to hack iPhones used by American diplomats.

The Commerce Department had already named NSO as a threat to US national security, and banned the import and use of Pegasus, but the bill would take things further …

Expand Expanding Close

Latest Pegasus iPhone hack: Apple warned pro-democracy protestors in Thailand

Avatar for Ben Lovejoy Jul 18 2022 - 6:35 am PT
0 Comments
Pegasus iPhone hack | Protestors and police on the streets

The latest Pegasus iPhone hack to come to light targeted more than 30 pro-democracy protestors. Apple detected that their phones had been infected by NSO’s spyware, and alerted them.

Thailand has been the subject of multiple military coups over the years, the most recent of which was in 2014, with an army-backed leader still in power today after elections widely believed to have been fraudulent …

Expand Expanding Close

NSO Pegasus spyware used by at least five EU countries; interim report published

Avatar for Ben Lovejoy Jun 22 2022 - 6:19 am PT
0 Comments
Site default logo image

NSO Pegasus spyware has been used by at least five EU countries, admits the company. The admission was made as part of a European investigation into the impact of Pegasus, with an interim report now published.

It’s likely that the true number is higher, with the company promising to provide a ‘more concrete number’ …

Expand Expanding Close

iPhone spyware maker NSO struggled to make payroll; wants to sell to red-flagged countries

Avatar for Ben Lovejoy Jun 1 2022 - 4:58 am PT
0 Comments
iPhone spyware (purely decorative image)

The financial problems of iPhone spyware maker NSO were so bad by the end of last year that it struggled to make payroll – after the company failed to make a single sale over a period of several months.

The company, which sells software to remotely carry out zero-click hacks of both iPhones and Android smartphones, has been in deep trouble ever since it was blacklisted by the US government. However, its plan to overcome its woes could make Pegasus an even nastier threat …

Expand Expanding Close

Spanish prime minister’s iPhone infected by Pegasus spyware; defense minister, too

Avatar for Ben Lovejoy May 2 2022 - 6:28 am PT
0 Comments
Site default logo image

The Spanish prime minister’s iPhone was infected by NSO’s Pegasus spyware, says the government. Defense Minister Margarita Robles’ phone was also hit. This is just the latest in a slew of high-profile Pegasus attacks revealed within the last few weeks.

While it is foreign governments who would most want to target phones belonging to most prime ministers, there’s another obvious suspect in the case of Spain …

Expand Expanding Close

Pegasus targeted US iPhones indirectly; device infected in British prime minister’s office; Catalans targeted in Spain

Avatar for Ben Lovejoy Apr 18 2022 - 7:02 am PT
0 Comments
Site default logo image

NSO spyware Pegasus targeted US iPhones indirectly, despite the company forbidding customers from infecting phones with American SIMs. Devices belonging to Catalan politicians and others were also infected, with the Spanish government suspected to be responsible.

Additionally, it was discovered that a device connected to the network at 10 Downing Street – the office of British prime minister Boris Johnson – was also infected …

Expand Expanding Close

Pegasus hacked the iPhone of award-winning journalist, weeks after Apple’s injunction attempt

Avatar for Ben Lovejoy Apr 5 2022 - 7:02 am PT
0 Comments
Pegasus hacked the iPhone of award-winning journalist

It’s been revealed that NSO’s Pegasus hacked the iPhone of an award-winning journalist, just weeks after Apple sought an injunction that would bar the company from targeting iPhone users.

NSO’s Pegasus software is so dangerous for two reasons. First, it gives access to almost all the data on the phone, including messages, photos, and location. Second, it works via a zero-click approach …

Expand Expanding Close

US version of Pegasus spyware was bought and tested by the FBI in 2019, but never used

Avatar for Ben Lovejoy Jan 28 2022 - 6:14 am PT
0 Comments
US version of Pegasus was bought and tested by the FBI

A special US version of Pegasus smartphone spyware was created by NSO, and purchased by the FBI, a new report reveals today. The Drug Enforcement Agency, Secret Service, and the US military also held discussions with the Israeli spyware company.

Israel had always insisted that NSO make Pegasus incapable of being used on phones registered to US numbers in order to avoid angering a powerful ally, but an exception was granted…

Expand Expanding Close

Israel police reportedly use Pegasus spyware on country’s own citizens, without warrants

Avatar for Ben Lovejoy Jan 18 2022 - 6:22 am PT
0 Comments
trendmicro-antivirus-mac

It’s being reported today that Israel police are using NSO’s Pegasus spyware on the country’s own citizens, including opponents of former Prime Minister Benjamin Netanyahu. NSO had previously claimed that Pegasus would not be used within Israel.

The phone hacks are said to have been carried out without warrants and without any judicial oversight.

Expand Expanding Close

Latest suspected NSO phone hack: Journalists and activists in El Salvador

Avatar for Ben Lovejoy Jan 13 2022 - 4:07 am PT
0 Comments

Another suspected NSO phone hack has come to light, this of journalists and activists in El Salvador. Most of the journalists were working for an online news service that has been reporting extensively on alleged government corruption.

Two journalists contacted Citizen Lab after suspecting that their phones had been compromised, and an investigation confirmed their suspicions, and found that they weren’t the only ones …

Expand Expanding Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing