On the same day Apple announced a lawsuit against Israeli spyware vendor NSO Group for developing hacking tools to help breach iOS technology, the company was notifying potential targets of those exploits.
El Faro, a news organization in San Salvador, El Salvador, reported late Tuesday that 12 of its staff members received notices from the company, which warned that that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” The company also sent notices to four others in San Salvador who are “leaders of Civil Society organizations and opposition political parties,” the news organization reported.
Notices were also sent to six Thai activists and researchers critical of the government there, Reuters reported.
NSO Group develops software designed to allow access to target devices through various bugs in Apple’s technology. A company spokesperson told CyberScoop Tuesday that its work is to “provide governments the lawful tools” to fight crime. Any abuses of its software will be investigated, the company claims, though repeated stories over several years paint a picture of the software being used by authoritarian governments to crack down on human rights activists, journalists, and political opposition.
El Faro did not attribute the alleged targeting using the NSO Group software. However the government of El Salvador, led by President Nayib Bukele, has been accused by critics of leading an effort to undermine judicial independence, political opposition and an independent press. An El Faro editor was expelled from the country in July, the New York Times reported.
In announcing its suit against NSO Group, Apple said that the FORCEDENTRY spyware, built by NSO Group, was “used to attack a small number of Apple users worldwide.” The company would be notifying the uses that it discovered the possible targeting using the exploit. “Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices,” the company’s announcement read.
Apple representatives did not immediately respond to a request for comment. El Faro did not immediately respond to a request for comment.
Apple’s notice to the El Faro staffers said the “attackers are likely targeting you individually because of who you are or what you do.” If the device was compromised, the attacker would be able to remotely access sensitive data, communications, or even the camera and microphone, the notice read. “While it’s possible this is a false alarm, please take this warning seriously.”
NSO Group has a history of operating in the region. The government of Mexico was one of the company’s first major clients and served as “something of a laboratory for the spy technology,” the Guardian reported this summer as part of a broad expose of the technology’s abuse in that country. A Mexican businessman was arrested on and charged with using the technology to spy on a journalist, the paper reported on Nov. 9.