Security firm iVerify reported that a prominent business leader was among several individuals whose iPhones were recently targeted by Pegasus spyware.
While state surveillance often targets journalists, human rights advocates, lawmakers, and political figures, incidents involving business leaders are less common, though not unprecedented. These findings highlight the potential misuse of spyware—originally developed for combating terrorism and serious crimes—for commercial espionage.
In a conversation with TechCrunch, iVerify's CEO, Rocky Cole, refrained from naming the target but noted that the spyware was aimed at a well-known business entity. Cole, a former NSA analyst, stated that the business leader, who has been in contact with iVerify, was "completely surprised" by the attempt to breach their device.
When approached for comment, NSO Group, the maker of Pegasus spyware, initially remained silent. Later, Gil Lainer, an NSO spokesperson, stated via email that Pegasus is sold only to vetted intelligence and law enforcement agencies in the U.S. and allied nations. However, Lainer did not confirm whether the spyware had been used to target private sector executives.
iVerify, which offers a mobile security app, identified evidence of spyware on seven iPhones, some running iOS 16.6 as of late 2023. These devices belonged to a group of 2,500 app users who had scanned their devices for signs of compromise. Cole clarified that this small sample size does not reflect the broader population, as iVerify users are generally at higher risk of state-sponsored targeting.
The app works within the constraints of Apple’s privacy policies by analyzing on-device diagnostic data and detecting unusual signals in the iOS and iPadOS systems. This method helps identify potential malware infections, though it remains unclear whether the targeted iPhones were compromised at the time these signals were detected. Some devices may have been vulnerable due to outdated software.
Although iVerify is not the only tool for detecting spyware, Cole emphasized that it enables large-scale detection.
Rising Threats of Spyware Misuse
Spyware attacks on business leaders rarely become public knowledge. Notable past incidents include the hacking of Amazon founder Jeff Bezos's phone, allegedly using Pegasus spyware. However, NSO Group denied involvement in that case.
The growing prevalence of spyware has made controlling its use increasingly difficult. Earlier this year, Google revealed that Russian government-backed hackers obtained exploits closely resembling NSO’s code, despite NSO claiming it had never sold to Russia. The company has also denied selling to China, Iran, or Russia.
Cole noted a concerning trend of government-backed hackers, such as those from China, Iran, and Russia, reusing spyware exploits. iVerify is investigating whether a China-backed group, Salt Typhoon, utilized telecom network access to target individuals with spyware.
Cole also shared that anomalous signals were recently detected on two phones belonging to senior officials from the Harris-Walz presidential campaign during a period of heightened Salt Typhoon activity. The devices’ compromise is still under investigation, with the FBI reportedly examining whether China-backed hackers exploited telecom networks to deploy spyware.
If Salt Typhoon is confirmed to have targeted these phones, Cole suggested the attacks may represent “the reuse of commercial capabilities.”