The NSO Group, an Israeli company, remotely hacked an iPhone owned by a staff member of a civil society organization based in Washington using their spyware.
The hack was discovered last week and reported to Apple Inc., which moved quickly to investigate and fix the breach, according to John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto’s Munk School.
The US has sanctioned NSO Group since 2021 over its Pegasus hacking tool, which has been used by some governments to target journalists and dissidents across borders. It is the so-called zero-click hacking, where the user does not need to click on a link for malware to install software that can turn phones into real-time surveillance devices.
“The severity of the attack, which is zero clicks, combined with the fact that it was actively used in the wild against civil society, makes it clear that this is the kind of thing that needs to be taken very seriously and prioritized. We’re glad Apple did that,” Scott-Railton said in the interview.
Citizen Lab called out the exploit chain on the BLASTPASS blog on Thursday, saying it was able to compromise iPhones running the latest version of Apple’s operating system without the victim’s interaction. An Apple spokesperson confirmed the account.
“We are unable to respond to claims that do not include supporting research,” an NSO Group spokesperson said. The company has previously said that Pegasus does not work on phone numbers with the 1 area code used in the US and Canada.
Citizen Lab did not identify the person or organization that was targeted. Earlier this year, the investigative team found that NSO Group had used at least three zero-click methods to hack civil society groups, and the company’s tools have been linked to spying on prominent Armenian figures, including a United Nations official.
In reporting on the latest breach, Citizen Lab recommended “anyone who may face increased risk due to their habits or activities to enable lockdown mode” on their devices. Lock mode severely limits the apps and features on a person’s phone – for example, blocking most message attachments.
The report comes as NSO Group has come under increased scrutiny around the world. On Thursday, the Polish Senate released the results of an investigation into the use of Pegasus in the 2019 parliamentary elections, which found a violation of constitutional norms and concluded that the vote was not fair due to the use of spyware.
The Israeli government announced in August that it has established a commission to investigate whether police have misused spyware, including NSO Group apps, in criminal investigations.
(Updates with additional information from NSO Group in paragraph six. An earlier version of the story corrected the headline to remove that it was a US phone.)