The US NCSC and the Dept of State published defense guidance on protecting against commercial surveillance spyware. “Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections. In some cases, malign actors can infect a targeted device with no action from the device owner.”
This guidance follows on news published by the Washington Post on Dec. 3rd of Pegasus spyware used to hack U.S. diplomats working abroad disclosing attacks that hit at least 11 US officials focused on matters concerning the East African country of Uganda.
The governments warning is specific:
These surveillance tools can:
• Record audio, including phone calls.
• Track phone’s location.
• Access and retrieve virtually all content on a phone, including text messages,