Amazon web services have shut down infrastructure and accounts linked to Israeli spy firm NSO Group, days after it was revealed that Pegasus spyware targeted people in several countries.
Amazon’s actions came as a result of forensic analysis conducted by Amnesty International’s Security Lab, which informed them of their findings in May 2021.
As part of that research, Amnesty added that a phone infected with NSO’s Pegasus malware sent information “to a service fronted by Amazon CloudFront, suggesting NSO Group has switched to using AWS services in recent months”, VICE reported.
Meanwhile, Citizen Lab, after independently observing the NSO Group, stated that the group began to make extensive use of Amazon’s services, including CloudFront in 2021.
CloudFront is a content delivery network (CDN) that allowed NSO to deliver content to users more quickly and reliably.
CloudFront infrastructure was used in deployments of NSO’s malware against targets, VICE reported.
This week, 17 media outlets across the world, including The Wire, published reports on their joint investigations into a database of phone numbers that are of apparent interest to clients of the NGO Group, some of which had been subjected to attempted and successful surveillance. The NSO Group has claimed that its clients are only “vetted governments”.
The spyware is, at present, being delivered through “zero-click exploits” through the iMessage app on phones running on the Apple software iOS. This technology was used to hack election strategist Prashant Kishor, as The Wire has reported.
Amnesty notes that when it reported a distinctive pattern of spyware attacks made in 2020 and 2021, to Amazon, the latter informed them that they “acted quickly to shut down the implicated infrastructure and accounts”.
However, the Israeli firm, that sells Pegasus spyware worldwide, on Sunday denied all allegations that they had conducted surveillance on phones of current Indian cabinet ministers, opposition leaders, businessmen, and journalists among others.