Ugandan President Yoweri Museveni (right) and Uganda’s First Lady Janet Museveni (2nd from right) pose for photo with then-prime minister Benjamin Netanyahu and his wife Sara Netanyahu at the State House in Entebbe, Uganda, on February 3, 2020. Photo Sumy Sadurni/AFP
Israeli spyware firm NSO Group’s software was reportedly used by an unknown assailant to hack the cell phones of at least nine United States State Department employees, in what — if confirmed — would be the first time the embattled company’s technology was used to target American officials.
The hack targeted State Department workers in Uganda or those specializing in the East African country, two sources familiar with the matter told Reuters on Friday.
All of the American staff targeted were using iPhones. Last week, Apple announced that it was suing the NSO Group for targeting the users of its devices, saying the firm at the center of the Pegasus surveillance scandal needs to be held accountable.
The suit from the Silicon Valley giant adds new trouble for NSO, which was engulfed in controversy over reports that tens of thousands of activists, journalists and politicians were listed as potential targets of its Pegasus spyware.
While the phone numbers of US officials were included on a long list of potential targets revealed in a series of media reports earlier this year, it was never confirmed whether those phones were actually hacked.
NSO Group says its hacking software cannot work on phones that begin with the US +1 country code. However, the allegedly hacked State Department employees were using local phones in Uganda, Reuters said.
Responding to the report, which did not identify who had ordered the alleged hacking, NSO Group said it did not have any indication that its software was used in such a hack, but canceled the relevant accounts and pledged to investigate the matter.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have,” the firm said in a statement.
Asked for comment, the State Department only pointed to the recent decision by the Commerce Department to blacklist the Israeli company, making it harder for US firms to do business with it.
“We have been acutely concerned that commercial spyware like NSO Group software poses a serious counterintelligence and security risk to US personnel,” White House press secretary Jen Psaki said at a briefing later on Friday.
Both the Ugandan Embassy and Apple declined Reuters’ request for comment.
Noting “systemic abuse” in multiple countries by the Israeli firm, a senior Biden administration official speaking on condition of anonymity told Reuters that such hacking was the reason that the US decided to crack down on groups like NSO.
The Israeli embassy in Washington said in a statement that the targeting of US officials would be a serious breach of its rules. The Defense Ministry must authorize the sale of spyware firms’ products abroad.
“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” a spokesperson for the Israeli embassy said. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”
Israel’s ties with Uganda expanded dramatically in recent years, particularly under former prime minister Benjamin Netanyahu who was considered close to Ugandan President Yoweri Museveni.
Netanyahu visited Uganda in 2020 where Museveni mediated between Israel and Sudan.
The US has been critical of human rights abuses in Uganda.
NSO Group has faced a torrent of international criticism over allegations it helps governments spy on dissidents and rights activists. NSO insists its product is meant only to assist countries in fighting crime and terrorism.
Marketed to governments for use solely against terrorists and criminals, Pegasus gives operators the ability to effectively take full control of a target’s phone, download all data from the device, or activate its camera or microphone without the user knowing.
The software has allegedly been abused by NSO customers to spy on human rights activists, journalists and politicians from Saudi Arabia to Mexico, including such high-profile targets as the fiancee of Jamal Khashoggi, the Saudi journalist murdered in his country’s consulate in Istanbul.
NSO Group was asked by The Associated Press prior to Friday’s news whether it could survive as long as it is on the Commerce Department’s entity list. While not directly responding, it said it was “working on all appropriate channels to reverse the Department of Commerce’s decision.” - THE TIMES OF ISRAEL AP contributed to this report