According to four individuals familiar with the situation, the iPhones of at least nine U.S. State Department workers had been compromised by an unidentified man using advanced spyware produced by the Israel-based NSO Group.
The attacks, which occurred in the previous few months, targeted U.S. officials who were either based in Uganda or focused on issues about the East African country, according to two of the sources.
The attacks, which were first revealed here, are the most extensive known hacks of US officials using NSO technology. Earlier, a database of numbers with prospective targets that included certain American leaders surfaced in NSO reporting, although it was unclear if incursions were always attempted or successful.
NSO Group stated in a statement that it had no evidence that its tools had been used, but that it had canceled access for the relevant clients and therefore would investigate.
"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," said an NSO spokesperson, who added that NSO will also "cooperate with any relevant government authority and present the full information we will have."
NSO has always stated that it exclusively sells its products to government law enforcement and intelligence agencies to assist them in monitoring security concerns and that it is not intimately associated with surveillance operations.
A State Department official refused to respond to the intrusions and pointed to the Commerce Department's recent decision to place the Israeli corporation on an entity list, making it more difficult for US businesses to do business with them.
NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, business people, activists, academics, and embassy workers," the Commerce Department said in an announcement last month.
According to product instructions reviewed by Reuters, the NSO application is capable of not just stealing encrypted messages, images, and other confidential material from compromised phones, but also turning them into recording devices to watch their surroundings.
The developer of the spyware employed in this hack was not named in Apple's advisory to affected consumers. According to two of the people who were alerted by Apple, the victims included American residents who were easily identified as U.S. government officials because they paired email addresses ending in state.gov with their Apple IDs.
According to the sources, they and other victims alerted by Apple in multiple countries have been affected by the same graphics processing vulnerability.
The Israeli embassy in Washington stated in a statement that targeting American officials would be a major violation of its norms.
"Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes," an embassy spokesperson said. "The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions."
