Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli firm NSO Group.
The news comes after an investigation found that the company’s Pegasus spyware was used to target at least 50,000 journalists, government and union officials, human rights activists, business executives, religious figures, academics, NGO employees, and lawyers.
Pegasus was used to extract messages, photos, and emails, as well as to record calls and activate microphones on iOS and Android devices.
NSO Group denied the accusations, stating that its tools are used “for the sole purpose of saving lives through preventing crime and terror acts”.
“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the company announced.
However, AWS has branded NSO Group’s actions as “hacking activity”.
A spokesperson for the cloud computing provider told IT Pro that it had shut down NSO Group’s infrastructure as it “was confirmed to be supporting the reported hacking activity”.
This was “in accordance with [AWS’] terms of use”, they added.
Amnesty International, a partner of the Pegasus Project, a collective of 17 media organisations investigating the spyware, found evidence to suggest that NSO Group had only been an AWS customer for a few months.
One Pegasus-infected phone that was dissected by the organisation sent data "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months”.
Amazon CloudFront is a content delivery network (CDN) that provides customers with the ability to deliver content, including data, videos, and APIs, securely with low latency and at a high speed.
“Amnesty International suspects the shutting down of the V4 infrastructure coincided with NSO Group’s shift to using cloud services such as Amazon CloudFront to deliver the earlier stages of their attacks,” said the human rights NGO, adding that “the use of cloud services protects NSO Group from some Internet scanning techniques”.
AWS didn’t elaborate on whether the decision to ban NSO Group from its services could be reconsidered in the future.
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victimsNews Attackers are using AWS’ server-side encryption to conduct ransomware attacks
-
Amazon confirms employee data compromised amid 2023 MOVEit breach claims – but the hacker behind the leak says a host of other big tech names are also implicatedNews Millions of records stolen during the 2023 MOVEit data breach have been leaked
-
Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customersThe firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely
-
Greek intelligence allegedly uses Predator spyware to wiretap Facebook security stafferNews The employee’s device was infected through a link pretending to confirm a vaccination appointment
-
North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email contentNews The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at risk
-
Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RATNews He created the RAT when he was aged just 15 and is estimated to have netted around $400,000 from the sale of it over six years
-
European company unmasked as cyber mercenary group with ties to RussiaNews The company that's similar to NSO Group has been active since 2016 and has used different zero-days in Windows and Adobe products to infect victims with powerful, evasive spyware
-
Mysterious MacOS spyware discovered using public cloud storage as its control serverNews Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind it
