Skip to main content

NSO Group, maker of Pegasus spyware for iPhone and Android

See All Stories
NSO Group

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International that said that Pegasus was being used to mount zero-click attacks against human rights activists and other innocent targets.

An explosive report from Amnesty International interpreted device logs to reveal the scope of targeted malware attacks in active use targeting Android and iPhone devices, since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, as well as record phone calls and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.

Whilst the company claims to only sell the spyware software for legit counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).

In July 2021, Apple issued an iOS security fix that appears to match the exploit reportedly used by NSO, though security researchers say that Apple needs to do more.

NSO initially made contradictory statements, first saying that it had no way to monitor how its software was used, and subsequently denying that it was used against the targets described in Amnesty’s report. It then said it would issue no further statements, and would not be answering any questions from the media.

The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company, and alerting owners of infected iPhones. That put the company under extreme financial pressure, which may see it disappear – or may just make things worse.

For those most at risk – such as diplomats, politicians, government opponents, and activists – Apple has made available iPhone Lockdown Mode, which disables the most common attack paths.

Israel police reportedly use Pegasus spyware on country’s own citizens, without warrants

trendmicro-antivirus-mac

It’s being reported today that Israel police are using NSO’s Pegasus spyware on the country’s own citizens, including opponents of former Prime Minister Benjamin Netanyahu. NSO had previously claimed that Pegasus would not be used within Israel.

The phone hacks are said to have been carried out without warrants and without any judicial oversight.

Expand Expanding Close

Latest suspected NSO phone hack: Journalists and activists in El Salvador

Another suspected NSO phone hack has come to light, this of journalists and activists in El Salvador. Most of the journalists were working for an online news service that has been reporting extensively on alleged government corruption.

Two journalists contacted Citizen Lab after suspecting that their phones had been compromised, and an investigation confirmed their suspicions, and found that they weren’t the only ones …

Expand Expanding Close

New report suggests Uganda used NSO spyware to hack State Department iPhones

Uganda used NSO spyware to hack State Department iPhones

We learned earlier this month that NSO’s Pegasus spyware was used to hack US State Department iPhones in Uganda, with no clue at the time who the attacker was.

A new report strongly suggests that the Ugandan government was behind the attacks, as the country – which has an appalling human rights record – is now known to have purchased the spyware. It also appears that this was, indirectly, the tipping point that led to NSO’s downfall…

Expand Expanding Close

After US ban and Apple action, Pegasus spyware maker NSO running out of cash

Pegasus spyware maker NSO running out of cash

Pegasus spyware maker NSO Group is reportedly running out of cash following actions by both the US government and Apple. This has led the company to explore options to put itself up for sale.

Two US funds have expressed an interest, claiming that they would change the company’s mission from offensive to defensive, though skepticism has been expressed about this …

Expand Expanding Close

Apple alerted Polish prosecutor that her iPhone has likely been compromised by NSO

Site default logo image

As part of hitting back at spyware company NSO, Apple alerted a Polish prosecutor that her iPhone appears to have been compromised by Pegasus. This also gives us our first look at the text of Apple’s security alerts.

Although Poland has not admitted purchasing and using the spyware, there is significant evidence that it has done so …

Expand Expanding Close

Apple will alert customers who may have been targeted by NSO

Apple will alert customers who may have been targeted by NSO

Journalists, lawyers, politicians, and human rights activists have all been targeted by NSO’s Pegasus software, and Apple has now said that it will send security alerts to customers whose devices may be been compromised. It has already done so for at least five Thai activists and researchers.

It follows Apple’s announcement yesterday that it is suing NSO for attacking iOS users …

Expand Expanding Close

NSO – whose Pegasus spyware hacks iPhones – officially named by US as a national security risk

Pegasus spyware sees NSO named as US national security risk

The NSO group, whose Pegasus spyware is used to hack iPhones and Android smartphones, has been officially named by the US government as a threat to national security.

The Commerce Department’s Bureau of Industry and Security (BIS) has added the Israeli company to the Entity List, which bans the company’s products from being imported, exported or passed from one organization to another within the US.

Expand Expanding Close

NYT journalist describes his iPhone being hacked, and the precautions he now takes

NYT journalist describes his iPhone being hacked

A New York Times journalist covering the Middle East has described the experience of his iPhone being hacked, and the security precautions he now takes as a result.

Ben Hubbard says there were four attempts to hack his iPhone, and that two of them succeeded, with all the signs pointing to the use of NSO’s Pegasus spyware.

Expand Expanding Close

German government admits buying Pegasus spyware, says ‘limited’ to respect privacy laws

German government admits buying Pegasus spyware

The German government has reportedly admitted to buying Pegasus spyware, despite the fact that using some of the functionality would break privacy laws in the country. Privacy is a particularly hot-button issue in the country, given the country’s history.

Sources cited in the report say that the version purchased from NSO had certain features disabled so that its use would be lawful in the country …

Expand Expanding Close

New Pegasus zero-click iPhone attack defeats Apple’s Blastdoor protections

New Pegasus zero-click iPhone attack

A newly discovered NSO Pegasus zero-click iPhone attack against a human rights activist managed to succeed despite Apple’s Blastdoor protections, according to security researchers at Citizen Lab.

It is unclear, however, whether the protections Apple added to iOS 14.7.1 would have succeeded in blocking the attack, as it took place at a time when iOS 14.6 was the latest version available …

Expand Expanding Close

Governments reportedly used Pegasus spyware to post private photos of female journalists

Pegasus spyware used to post private photos of female journalists

NSO’s Pegasus spyware has reportedly been used by governments to obtain private photos from the phones of female journalists and activists.

These photos were then posted online with the aim of attacking their reputation, in at least one case by falsely suggesting that a bikini photo was taken at the home of a journalist’s boss …

Expand Expanding Close

NSO blocks more clients from using its Pegasus spyware after government pressure

Pegasus spyware suspension

NSO has blocked more clients from using its Pegasus spyware, according to a source within the company, while it investigates reports of misuse.

The Israeli company was reported to have previously blocked five governments from using the malware after conducting a “human rights audit,” and has now suspended access to others …

Expand Expanding Close

iOS security researcher Will Strafach agrees Apple can do more in combating NSO

Combating NSO requires Apple to do more

iOS security researcher Will Strafach agrees with a recent claim that Apple can do more when it comes to combating NSO and others who exploit combat zero-day vulnerabilities in iOS.

It follows a report by Amnesty International that said that NSO spyware Pegasus was being used to mount zero-click attacks against human rights activists, lawyers, and journalists …

Expand Expanding Close

Apple can and must do more to prevent NSO attacks, says Johns Hopkins security professor

Site default logo image

An associate professor at the Johns Hopkins Information Security Institute has said that Apple can and must do more to prevent NSO attacks.

He argues that while it’s true that it is impossible to completely prevent exploits based on zero-day vulnerabilities, there are two steps that the iPhone maker can take to make NSO’s job much harder …

Expand Expanding Close

Apple defends iPhone security amid NSO’s Pegasus zero-click iMessage exploit

Over the weekend, an explosive report from Amnesty International detailed targeted attacks towards target human rights activists, lawyers, and journalists using Apple’s iMessage system as a vector by which to deliver the zero-click attacks. In a new statement provided to the Washington Post, Apple defended its security practices and said it leads the industry in security innovation.

Expand Expanding Close

Report: active zero-click iMessage exploit in the wild targeting iPhones running the latest software, used against activists and journalists

iMessage

An explosive report from Amnesty International interpreted device logs to reveal the scope of targeted malware attacks in active use targeting Android and iPhone devices, since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, as well as record phone calls and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.

Whilst the company claims to only sell the spyware software for legit counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).

Expand Expanding Close

NSO Android and iPhone spyware is linked to assaults and murder of dissidents – Amnesty

NSO Android and iPhone spyware database

Android and iPhone spyware sold by NSO Group enables state terror attacks in multiple countries, according to a new database released by Amnesty International and partner organizations.

NSO uses zero-day exploits to develop spyware for both iPhones and Android smartphones, allowing users to read text messages and emails, monitor contacts and calls, track locations, collect passwords, and even switch on the smartphone’s microphone to record meetings …

Expand Expanding Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications