On Thursday, Amnesty International released a new report exposing attempts to hack Serbian journalists with NSO Group’s Pegasus spyware. The journalists, part of the Balkan Investigative Reporting Network (BIRN), received suspicious messages containing phishing links. Amnesty researchers found that the links led to domains tied to NSO Group. According to Donncha Ó Cearbhaill from Amnesty’s Security Lab, years of tracking NSO Group’s Pegasus spyware have allowed them to identify malicious websites used in these attacks.
NSO Group Losing Battle to Stay Hidden
Security researchers like Ó Cearbhaill and John Scott-Railton from The Citizen Lab have become adept at spotting signs of NSO’s spyware. As a result, NSO Group and its customers are struggling to remain in the shadows. Citizen Lab published the first technical report detailing a Pegasus attack in 2016, targeting a UAE dissident. Since then, over 130 individuals worldwide have been targeted or hacked with NSO Group’s spyware.
NSO Group’s Spyware Exposed
The Pegasus Project, a collective effort to investigate NSO Group’s spyware abuse, has uncovered a list of over 50,000 phone numbers allegedly targeted by NSO Group. Despite this, Amnesty, Citizen Lab, and Access Now have identified numerous victims without relying on this list. Apple has also been notifying victims of spyware globally, leading them to seek help from organizations like Access Now, Amnesty, and Citizen Lab.
NSO Group’s Operational Security Mistakes
NSO Group’s spyware continues to be exposed by various organizations and Apple. The company’s practice of selling to countries that target journalists and civil society members indiscriminately poses a significant operational security risk. Ó Cearbhaill points out that this mistake may lead to countries exposing themselves through their use of NSO Group’s spyware.
