Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, days after it was revealed that Pegasus spyware targeted people in several countries, including over 300 mobile phone numbers in India.
A forensic investigation published by Amnesty International on Sunday stated that NSO customers have had access to zero-day attacks in Apple's iMessage as recently as this year.
A zero-day attack exploits a flaw or vulnerability in software before the vendor has released a fix for it, typically to deliver malware.
As part of that research, Amnesty added that a phone infected with NSO's Pegasus malware sent information "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months", VICE reported.
Meanwhile, Citizen Lab, after independently observing the NSO Group, stated that the group began to make extensive use of Amazon's services, including CloudFront, in 2021.
CloudFront is a content delivery network (CDN) that allowed NSO to deliver content to users more quickly and reliably.
CloudFront infrastructure was used in deployments of NSO's malware against targets, VICE reported.
Why Is This Important?
By using CloudFront's services, NSO stays somewhat protected from third parties trying to expose the company's infrastructure.
Amnesty's report added, "The use of cloud services protects NSO Group from some Internet-scanning techniques," VICE reported.
What NSO Has Said:
Reiterating that NSO does not operate the systems that it sells to vetted government customers and does not have access to the data of its customers’ targets, the Israel-based group said, "NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers", The Guardian reported.
The statement further added, "Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as identity of customers of which we have shut down systems."
What Is the Pegasus Spyware?
Pegasus exploits a vulnerability via WhatsApp to get into a user's device and gains access to all the apps on the phone.
The Pegasus spyware contains code capable of spying, collecting data, and reporting back on everything the user does on the device: calls, e-mails, texts, location, app data, etc. It remotely collects all the information about a target's device, wherever they are.
The report published by The Wire said that the leaked list contained at least 300 Indian phone numbers, including those of over 40 senior journalists, Opposition leaders, government officials, and rights activists.
The leaked list of names was provided to The Wire and 15 other international news organisations by France-based media non-profit, Forbidden Stories, and Amnesty International, as part of a collaborative investigation called the 'Pegasus Project'.
(With inputs from VICE)