IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

AWS shuts down NSO Group infrastructure

The Israeli company’s Pegasus spyware was used to target at least 50,000 mobile phones

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli firm NSO Group.

The news comes after an investigation found that the company’s Pegasus spyware was used to target at least 50,000 journalists, government and union officials, human rights activists, business executives, religious figures, academics, NGO employees, and lawyers.

Pegasus was used to extract messages, photos, and emails, as well as to record calls and activate microphones on iOS and Android devices.

NSO Group denied the accusations, stating that its tools are used “for the sole purpose of saving lives through preventing crime and terror acts”.

“Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the company announced.

However, AWS has branded NSO Group’s actions as “hacking activity”.

A spokesperson for the cloud computing provider told IT Pro that it had shut down NSO Group’s infrastructure as it “was confirmed to be supporting the reported hacking activity”.

This was “in accordance with [AWS’] terms of use”, they added.

Amnesty International, a partner of the Pegasus Project, a collective of 17 media organisations investigating the spyware, found evidence to suggest that NSO Group had only been an AWS customer for a few months.

One Pegasus-infected phone that was dissected by the organisation sent data "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months”.

Amazon CloudFront is a content delivery network (CDN) that provides customers with the ability to deliver content, including data, videos, and APIs, securely with low latency and at a high speed.

“Amnesty International suspects the shutting down of the V4 infrastructure coincided with NSO Group’s shift to using cloud services such as Amazon CloudFront to deliver the earlier stages of their attacks,” said the human rights NGO, adding that “the use of cloud services protects NSO Group from some Internet scanning techniques”.

AWS didn’t elaborate on whether the decision to ban NSO Group from its services could be reconsidered in the future.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

AWS plans to be 'water positive' by 2030
data centres

AWS plans to be 'water positive' by 2030

28 Nov 2022
Amazon faces FTC probe over iRobot acquisition
Policy & legislation

Amazon faces FTC probe over iRobot acquisition

5 Sep 2022
Amazon gave police departments Ring footage without permission
privacy

Amazon gave police departments Ring footage without permission

14 Jul 2022
Amazon signs launch deals with Arianespace, Blue Origin and United Launch Alliance for Project Kuiper
broadband

Amazon signs launch deals with Arianespace, Blue Origin and United Launch Alliance for Project Kuiper

6 Apr 2022

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022