What just happened? This week Reuters reported that hackers used the controversial Pegasus spyware from NSO Group to breach nine US State Department employees’ iPhones. It isn’t known yet who is responsible, but this represents the most critical known cyberattack involving US officials and Pegasus.

Reuters’ sources indicated that US officials, either based in Uganda or working on issues concerning Uganda, received warnings from Apple that their iPhones were being targeted with spyware from Israel-based NSO over the last several months.

The spyware uses a zero-click exploit to access an iPhone’s texts, photos, and videos to spy on a target. It can even turn on the phone’s microphone. It works by sending a compromised message to the target through iMessage and doesn’t require the victim to do anything to become infected.

When you wake up to a threat notification from @Apple that your iPhone is being targeted then you know that cyber terrorism from state sponsored cyber terrorists is real. pic.twitter.com/1uZ9eIf1FR

— Norbert Mao (@norbertmao) November 24, 2021

NSO Group says it doesn’t directly conduct surveillance operations. Instead, it sells its technology to law enforcement and intelligence agencies. In a statement this week, NSO said it canceled access to the tools for the relevant customers and would investigate based on Reuters’ report. The group promised that if the investigation found that the customer in question used Pegasus against US officials, that customer would be banned permanently, and NSO would take legal action.

The company claims Pegasus doesn’t work on American phones with numbers that start with the country code +1, but the US officials’ phones in question used foreign numbers.

In September, Apple issued an emergency patch to close the vulnerability used by Pegasus. Last month it filed a federal case against NSO Group, seeking to claim damages and stop NSO from using any Apple products and services in the future.