{
	"id": "7e0d79b3-4062-4109-a698-1f91d0781ef0",
	"created_at": "2026-04-06T00:11:54.230692Z",
	"updated_at": "2026-04-10T03:33:20.532735Z",
	"deleted_at": null,
	"sha1_hash": "565b7511add2e71a2265068ca49e368f2684a521",
	"title": "US State Dept employees' phones hacked using NSO spyware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 900235,
	"plain_text": "US State Dept employees' phones hacked using NSO spyware\r\nBy Sergiu Gatlan\r\nPublished: 2021-12-03 · Archived: 2026-04-05 15:02:59 UTC\r\nApple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an\r\niOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group.\r\nThe attacks hit US officials (at least 11 according to the Washington Post) based in or focused on matters concerning the\r\nEast African country of Uganda and took place in recent months, according to anonymous sources cited by Reuters today.\r\nWhile NSO canceled the customer accounts behind these intrusions and promised to investigate the attacks, a spokesperson\r\ntold Reuters—who first reported the attacks—that the company doesn't know what tools were used in the attack. NSO also\r\ndeclined to name the suspended customers.\r\n\"On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full\r\ninformation we will have,\" an NSO spokesperson separately told Motherboard.\r\n\"To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies\r\nare blocked from working on US (+1) numbers. 
Once the software is sold to the licensed customer, NSO has no way to\r\nknow who the targets of the customers are, as such, we were not and could not have been aware of this case.\"\r\nThe news of Department of State employees' phones being hacked to install Pegasus spyware comes on the heels of the US\r\nsanctioning NSO Group and three other companies from Israel, Russia, and Singapore last month for spyware development\r\nand selling hacking tools used by state-sponsored hacking groups.\r\nNSO and Candiru have been added to the Commerce Department's Bureau of Industry and Security (BIS) Entity List for\r\nsupplying the software used by state hackers to spy on government officials, journalists, and activists.\r\nPositive Technologies from Russia and Computer Security Initiative Consultancy PTE. LTD. from Singapore were\r\nsanctioned for the trafficking of exploits and hacking tools.\r\n\"Specifically, investigative information has shown that the Israeli companies NSO and Candiru developed and supplied\r\nspyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople,\r\nactivists, academics, and embassy workers,\" reads the Department of Commerce's final ruling.\r\nIn early November, Apple also filed a lawsuit against NSO and its parent company for targeting and spying on Apple\r\nusers with surveillance tech.\r\nFor instance, NSO's ForcedEntry exploit (also used to hack the nine State Dept employees) was employed by state attackers\r\nto compromise Apple devices and install Pegasus spyware, as revealed by the Citizen Lab in August.\r\nApple added at the time that it will notify all users targeted using the ForcedEntry exploit (alerts that were also sent to the\r\nhacked State Dept employees) and those who will be targeted in state-sponsored spyware attacks in the future, \"in\r\naccordance with industry best 
practices.\"\r\nSource: https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/"
	],
	"report_names": [
		"us-state-dept-employees-phones-hacked-using-nso-spyware"
	],
	"threat_actors": [
		{
			"id": "38f8da87-b4ba-474b-83e6-5b04d8fb384b",
			"created_at": "2024-02-02T02:00:04.032871Z",
			"updated_at": "2026-04-10T02:00:03.532955Z",
			"deleted_at": null,
			"main_name": "Caramel Tsunami",
			"aliases": [
				"SOURGUM",
				"Candiru"
			],
			"source_name": "MISPGALAXY:Caramel Tsunami",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434314,
	"ts_updated_at": 1775792000,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/565b7511add2e71a2265068ca49e368f2684a521.pdf",
		"text": "https://archive.orkl.eu/565b7511add2e71a2265068ca49e368f2684a521.txt",
		"img": "https://archive.orkl.eu/565b7511add2e71a2265068ca49e368f2684a521.jpg"
	}
}