An iPhone belonging to an employee of a Washington non-governmental organization was remotely hacked using spyware created by Israel’s NSO Group. The hack was discovered last week and reported to Apple Inc., according to John Scott-Railton, a senior research fellow at the Citizen Lab at the University of Toronto’s Munk School. , quickly investigated and remedied the breach.

“The seriousness of this zero-click attack, coupled with the fact that it has been widely used against civil society in the wild, makes it clear that this is something that needs to be taken very seriously and prioritized, and we’re pleased that it’s been done,” Apple said in an interview.

The NSO group has been under US sanctions since 2021 over the Pegasus hacking tool, which some governments have used to attack journalists and dissidents outside their borders. This is a so-called clickless attack, in which the user does not have to click on a link for malware to install software that can turn phones into real-time surveillance devices.

Citizen Lab named the BLASTPASS exploit chain in a blog post on Thursday, saying it could compromise an iPhone running the latest version of Apple’s operating system without any interaction with the victim. An Apple spokesperson confirmed this information.

A spokesperson for NSO Group said: “We cannot respond to any claims that do not include any supporting research.”

Citizen Lab did not identify the targeted individual or organization. Earlier this year, an investigative group found that NSO Group used at least three “zero touch” techniques to infiltrate civil society groups and that the company’s tools were linked to spying on prominent figures in Armenia, including a UN official.

In reporting the latest breach, Citizen Lab recommended that “anyone who may face increased risk because of who they are or what they do should turn on locking on their devices.” Lock mode severely limits apps and features on one’s phone, such as blocking most attachments in messages.

The report comes as NSO Group faces increasing scrutiny around the world. On Thursday, the Polish Senate announced the results of an investigation into the use of Pegasus in the 2019 parliamentary elections, which found violations of constitutional standards and said the vote was unfair due to the use of spyware.

In August, the Israeli government announced it was establishing a commission to investigate whether police were misusing spyware in criminal investigations, including programs created by the NSO Group. Source