Posted on November 1, 2019 at 3:35 PM
A new WhatsApp Malware Targeting Government Officials Discovered
The threat of new malware attacks remains a constant danger, and according to recent reports — not even the government officials are safe from them. The reports indicate that hackers are using Facebook-owned WhatsApp to spread malware and target numerous government officials in the US, but also the officials of its allies.
The attack allegedly took place earlier in 2019, and it supposedly affected government and military officials of 20 different nations, possibly more. WhatsApp itself reacted by starting out an official investigation which discovered that the officials were likely not the only ones who were affected by the attack.
The investigation results claim that some human rights activists and journalists around the world were targeted as well. WhatsApp contacted the individuals that are suspected to be the attackers’ targets, notifying them of the situation.
Who is behind the attack?
While the company’s investigation did not reveal the party responsible for the attack, it would appear that the tools used for the attack were developed by Israeli developer known as NSO Group. WhatsApp reacted by filing a lawsuit against the group, claiming that it was their software that exploited the service’s servers.
The exploit resulted in hackers gaining access to at least 1,400 phones. The affected individuals are located all over the world, according to the lawsuit, allegedly living in countries such as the US itself, India, Pakistan, Bahrain, the UAE, and Mexico. The lawsuit did not specify whether the affected individuals in these countries included government and military officials, however.
NSO Group responded to the allegations by denying its involvement, stating that its tools are developed and sold only to government clients. This may indicate that one of the governments around the world may have obtained the tools, and provided them to the hacking team responsible.
It is suspected that hackers then infected the smartphones of their targets in order to steal foreign governments’ secrets. NSO Group, on the other hand, claims that it produces its tools to help governments identify and apprehend terrorists and criminals — not to help nations spy on one another.
However, according to security researchers, NSO Group’s tools were previously used for spying on a much wider range of targets than just suspected terrorists and criminals, and that they were used against regular citizens and protesters.
Malware victims were not under official investigations
Another independent research group hired by WhatsApp, known as CitizenLab, revealed that over 100 of the affected individuals were regular citizens, human rights activists, and journalists, and not criminals. As mentioned, WhatsApp notified all of its users that are believed to be affected by the hack, explaining the situation earlier this week.
According to CitizenLab’s John Scott-Railton, it is no secret that tools and technologies developed for law enforcement often end up in the hands of state-sponsored hackers. Such technologies are then used for state-on-state cyber-espionage, which may be what the current situation actually is, as well.
WhatsApp also compared its list of suspected targets against all existing information requests submitted by law enforcement. The company’s goal was to try to find whether there are any victims of the hack that may have been suspected of having ties to terrorist groups or being persons of interest in criminal investigations. The company has a special online portal that governments and law enforcement services can use to submit such surveillance or information requests.
However, according to their findings, there were no significant overlaps, as reported by a source familiar with the investigation. For now, the party responsible for the attacks remains unknown, although the investigation is likely to continue.