Threat Watch

US Counterintelligence Shares Tips to Block Spyware Attacks

The National Counterintelligence and Security Center (NCSC) and the Department of State published joint guidance on how to defend against attacks from commercial surveillance tools. The guidance states that foreign governments have been purchasing such tools for malicious reasons, spying on journalists, dissidents, and several others. In some cases, threat actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device. Once a device is infected, threat actors can record audio, including phone calls, track the device’s location, and access nearly all the content on the device. In December 2021, it was reported that phones belonging to members of the Department of State had been infected with Pegasus spyware, which was developed by the Israel-based NSO Group. Poland also recently admitted to buying the spyware, but denies it was used to target political opponents.


The NCSC provided the following guidance to protect devices from spyware.
• Regularly update device operating systems and mobile applications.
• Be suspicious of content from unfamiliar senders, especially content that contains links or attachments.
• Don’t click on suspicious links or suspicious emails and attachments.
• Check URLs before clicking links or go to websites directly.
• Regularly restart mobile devices, which may help damage or remove malware implants.
• Encrypt and password protect your device.
• Maintain physical control of your device when possible.
• Use trusted Virtual Private Networks.
• Disable geo-location options and cover the camera on devices.

While these steps mitigate risks, they don’t eliminate them. It’s always safest to behave as if the device is compromised, so be mindful of sensitive content.