Again and again, NSO Group customers continue to capture their spy operations

Thursday, Amnesty International publishes a new report Detailed attempts at hacks against two Serbian journalists, allegedly done with NSO GroupSpyware Pegasus.

The two journalists working at Serbia-based Balkan Investigation Network (Birn) received suspicious text messaging, including a relationship-vary phishing attack, according to a non-profit purpose. In one case, Amnesty said that his researchers were able to click on the relationship in a safe environment and see that this led to a domain they had previously identified as belonging to the infrastructure of NSO Group.

“Amnesty International has spent years tracking NSO Group Pegasus Spyware and how it is used to target activists and journalists,” told TechCrunch Donncha ó Cearbhaill, head of Amnesty Security Laboratory. “This technical study allowed Amnesty to identify malicious websites used to deliver Pegasus spyware, including the specific Pegasus domain used in this campaign.”

By his point, security researchers such as ó Cearbhaill, who have been leading sections for NSO activities for years, are already so good at noticing company signs spyware Sometimes all researchers have to make a quick look at a domain involved in the attack.

In other words, NSO Group and its customers lose their battle to stay in the shadows.

“NSO has a major problem: they are not as good at hiding as their customers think,” said John Scotton, a senior researcher at The Citizen Lab, an organization for human rights investigating spyware abuses since 2012, “TechCrunch told.

There is solid evidence that proving what ó Cearbhaill and Scott-Rilton believe in.

In 2016, Citizen Lab publishes the first technical report Once documenting an attack with Pegasus, which was against the dissident of the United Arab Emirates. Since then, for less than 10 years, researchers have identified at least 130 people worldwide, targeted or hacked with NSO Group spyware, According to running by a security researcher Runa SandvikS

The large number of casualties and goals can partly be explained by The Pegasus ProjectA collective journalistic initiative to investigate NSO Group’s spyware abuse, which is based on an expiring list of more than 50,000 telephone numbers, which is alleged to have been entered into a NSO Group target system.

But there are also dozens of casualties identified by Amnesty, Citizen Lab and Access Now, another non -profit purpose that helps protect civil society from spyware attacks that did not rely on this leaking list of telephone numbers.

A NSO Group spokesman did not answer a request for a comment that included questions about the invisibility of Pegasus or its absence and whether NSO Group customers were concerned about it.

In addition to non -profit, NSO’s spyware continues to be caught by Apple that has been send Notifications to victims of spyware around the world, often encouraging people who have received these notifications To get help from Access nowAmnesty and Citizen Lab. These discoveries led to more technical reports documenting spy attacks made with Pegasus, as well as spyware made by other companies.

Perhaps the NSO Group problem is based on the fact that it is sold to countries that use their spyware indiscriminately, including reporters and other members of civil society.

“The OPSEC error that NSO Group makes here surgical securityS