Security firm iVerify has confirmed that a top-tier business executive was recently targeted by Pegasus spyware, marking a rare and concerning shift in state-sponsored surveillance tactics. While typically reserved for journalists, activists, and government officials, this incident highlights the growing risk of commercial espionage using sophisticated malware originally intended for counter-terrorism.
A New Threat to Corporate Security
Rocky Cole, CEO of iVerify and former National Security Agency analyst, revealed that the victim—a prominent business leader—was stunned by the intrusion attempt. Although the identity remains confidential, Cole noted that the target belongs to a company of global recognition. This discovery serves as a stark warning: spyware tools are increasingly being repurposed for corporate intelligence gathering.
NSO Group, the developer of Pegasus, maintains that its software is sold exclusively to vetted intelligence and law enforcement agencies allied with the U.S. and Israel. However, the company declined to comment on whether its technology was specifically used to compromise private industry executives.
Detection and Scope of Compromise
The discovery emerged from a broader analysis by iVerify, which scanned devices belonging to its user base. Out of 2,500 users who opted for diagnostic checks, seven iPhones showed clear indicators of compromise, including units running iOS 16.6 in late 2023. While the firm’s app cannot access Apple’s protected kernel, it identifies anomalous signals within diagnostic logs that suggest malware presence.
Cole emphasized that these findings may represent historical compromises rather than active ones, potentially stemming from unpatched software vulnerabilities that left devices exposed to older exploits.
The Rise of Exploit Reuse
The landscape of cyber-espionage is becoming increasingly difficult to contain. Security researchers have tracked a trend where government-backed hackers—particularly those linked to Russia, China, and Iran—are deploying exploits that are identical or strikingly similar to code previously developed by NSO Group. This is despite NSO’s public insistence that it does not sell products to these nations.
The concern extends to major infrastructure attacks. Investigators are currently probing whether the Chinese-backed hacking group “Salt Typhoon,” known for infiltrating U.S. telecommunications giants, utilized its network access to deploy spyware against high-value targets. Notably, iVerify identified suspicious signals on devices belonging to senior officials within the Harris-Walz presidential campaign during a period of high activity by Salt Typhoon.
As the FBI investigates potential breaches of U.S. presidential campaign communications, the security community remains on high alert. The potential for state-backed actors to “recycle” commercial spyware capabilities represents a significant escalation in the global cyber-threat environment.
For more technical details on identifying these threats, security researchers often refer to documentation on how anomalous signals within iPhone operating systems can indicate deep-level malware infections.
The investigation into these specific intrusions remains ongoing, with federal authorities working to determine the full extent of the potential espionage operations.
