NSO Group, the company behind the Pegasus spyware tool, has been blacklisted by Amazon Web Services (AWS). The prohibition was announced this morning by Vice, a day after a broad report claimed Pegasus was used to target the phones of human rights activists and journalists.
According to an Amnesty International study into Pegasus, the technology hacked targets’ phones and funnelled data through commercial services like AWS and Amazon Cloud-front, which “protects NSO Group from some internet scanning techniques,” according to the organization. (A 2020 study already highlighted NSO’s use of Amazon services, according to Vice.) According to Amnesty International, it informed Amazon about NSO, and Amazon responded by suspending NSO-related accounts. An Amazon Web Services spokeswoman confirmed to The Verge, “When we learned of this conduct, we responded promptly to take down the relevant infrastructure and accounts.”
NSO appears to have used more than just AWS. It is linked to numerous other firms in the Amnesty International investigation, including Digital Ocean and Linode. NSO allegedly preferred European and American servers, specifically “European data centers managed by American hosting companies.” According to the study, NSO would spread Pegasus malware through a number of malicious subdomains, taking advantage of security flaws in services like iMessage. Pegasus could collect data from a phone once it was compromised, as well as activate the phone’s camera and microphone for monitoring.