Dozens of Al Jazeera journalists were allegedly hacked with the help of spyware developed by Israeli firm NSO Group, cyber-security researchers say. Details of the alleged hack targeting iPhones of 36 members of staff, including TV anchors and executives, have been published in a report by Citizen Lab at the University of Toronto.
Citizen Lab researchers say they concluded with “medium confidence” that two attackers who had spied on the phones of Al Jazeera journalists were doing so on behalf of the Saudi Arabian and UAE governments. The KISMET exploit chain doesn’t work against iOS 14 and above because the new mobile iOS implements additional security protections. It says a vulnerability in iPhone operating system software was used. Experts believe that the number of targeted individuals is much higher given the global reach of NSO Group’s customer base. The campaign aimed at Al Jazeera’s employees is politically motivated, the Qatar-based news agency is a privileged target of hackers working for the neighboring countries due to the tensions between the local governments.
NSO Group has denied the allegation, saying it “lacks any evidence”. According to the Citizen Lab’s report, the Kismet hacking tool was sold at least to four organizations that used it against Al Jazeera employees from all over the world. These surgical attacks took place between July and August 2020, but experts speculate the attack are going on since at least October 2019.