Again and Again, NSO Group's Customers Keep Getting Their Spyware Operations Caught

An anonymous reader shares a report: Amnesty International published a new report this week detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group's spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link -- basically a phishing attack, according to the nonprofit. In one case, Amnesty said its researchers were able to click on the link in a safe environment and see that it led to a domain that they had previously identified as belonging to NSO Group's infrastructure.

'Amnesty International has spent years tracking NSO Group Pegasus spyware and how it has been used to target activists and journalists,' Donncha O Cearbhaill, the head of Amnesty's Security Lab, told TechCrunch. 'This technical research has allowed Amnesty to identify malicious websites used to deliver the Pegasus spyware, including the specific Pegasus domain used in this campaign.'

To his point, security researchers like O Cearbhaill who have been keeping tabs on NSO's activities for years are now so good at spotting signs of the company's spyware that sometimes all researchers have to do is quickly look at a domain involved in an attack. In other words, NSO Group and its customers are losing their battle to stay in the shadows. 'NSO has a basic problem: They are not as good at hiding as their customers think,' John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, told TechCrunch.

Read more of this story at Slashdot.