Image: Jason Alden/Bloomberg via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Amnesty International published a forensic investigation on Sunday that, among other things, determined that NSO customers have had access to zero-day attacks in Apple's iMessage as recently as this year. As part of that research, Amnesty wrote that a phone infected with NSO's Pegasus malware sent information "to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months." The Amnesty report included part of the same statement from Amazon, showing Amnesty contacted the company before publication.Citizen Lab, in a peer review of Amnesty's findings, said in its own post that the group "independently observed NSO Group begin to make extensive use of Amazon services including CloudFront in 2021."
CloudFront is a content delivery network (CDN) that allows customers, in this case NSO, to more quickly and reliably deliver content to users. "Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment," CloudFront's website reads.Do you work at NSO Group, did you used to, or do you know anything else about the company? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Advertisement