At least seven journalists and activists who have openly criticized the Kremlin and its allies have been attacked within the EU by a state that uses Pegasushacking spyware created by Israel’s NSO Group, according to a new report from security researchers.
The targets of the hacking attempts – who were first alerted to the cyber intrusion attempts after receiving threat notifications from Apple on their iPhones – include Russian, Belarusian, Latvian and Israeli journalists and activists within the EU.
Pegasus is considered one of the most sophisticated cyber weapons in the world and is operated by countries that acquire NSO technology. The company says it should be used for legitimate reasons, such as fighting crime. But researchers have documented hundreds of cases in which spyware operators, including states within the EU, have allegedly used it for other purposes, including spying on political opponents and journalists.
Investigators said they could not definitively identify the state or state agency behind the latest hacking attempts, but said technical indicators suggested the attempts could have been made by the same NSO client. The developments follow a similar report last year that found that an operator within the EU had used Pegasus spyware to attack Galina Timchenko, the award-winning Russian journalist and co-founder of the news website Meduza.
The investigation into the latest cyberattack attempts was conducted by digital civil rights activists Access Now, the Citizen Lab at the University of Toronto’s Munk School, and Nikolai Kvantaliani, an independent security analyst.
When successfully deployed, Pegasus can hack any phone, access mobile phone photos and calls, detect a person’s location, and activate a user’s recorder, turning the phone into a listening device.
The company was blacklisted by the Biden administration in 2021. It is also being sued by WhatsApp and Apple, in cases that it has disputed and that are being litigated in US courts.
While Russia might seem like the most logical possible state behind the latest series of attacks, researchers have focused their attention within the EU and say they do not believe Russia or Belarus are NSO clients. While Latvia appears to have access to Pegasus, it is not known for attacking people outside its borders. Estonia is also a known user of Pegasus and, according to researchers, appears to use the spyware “extensively” outside its borders, including in Europe.
One Russian target, a journalist living in exile in Vilnius who chose to remain anonymous for reasons of personal safety, received two threat notifications from Apple, the last on April 10, 2024, according to investigators. An analysis of the journalist’s mobile phone confirmed an infection attempt on June 15, 2023. The journalist attended a conference for exiled Russian journalists in Riga, Latvia the following day, focusing on the vulnerabilities faced by journalists in the region.
Two Belarusian members of civil society living in Warsaw also received notifications from Apple on October 31, 2023. Opposition politician and activist Andrei Sannikov, who ran for the presidency of Belarus in 2010 and was arrested and held by the KGB Belarusian after the elections, had her phone infected on or around September 7, 2021. He went undiscovered for two years, he said.
“Even if it is Estonia or Lithuania, Latvia or Poland, that does not exclude that it is the FSB or the KGB (behind them),” Sannikov said. Asked if the series of attacks indicated that Russia or its allies had infiltrated an intelligence or law enforcement agency inside the EU, he added: “Yes, of course. “I think it is common knowledge that Western institutions are heavily infiltrated and so are opposition circles.”
Natalia Radzina, editor-in-chief of the Belarusian independent media website Charter97.org, and winner of the Committee to Protect Journalists’ international press freedom award, was infected with Pegasus twice in late 2022 and early 2023. .
after newsletter promotion
Radzina called the infections a violation of privacy reminiscent of earlier intrusions in Belarus, where she was politically persecuted and imprisoned by the KGB.
“I know that for many years my absolutely legal journalistic activity can only be of interest to the Belarusian and Russian special services, and I only fear possible cooperation in this matter between the current operators, whoever they are, with the KGB or the FSB,” he said.
Three other journalists living in Riga also received threat notifications from Apple: Evgeny Erlikh, a Russian-Israeli journalist; Evgeny Pavlov, Latvian journalist, and Maria Epifanova, general director of Novaya Gazeta Europe.
NSO, which is regulated by Israel’s Defense Ministry, says it sells its spyware to strictly vetted law enforcement agencies in order to prevent crime and terrorist attacks. He said he could neither confirm nor deny the identities of any specific alleged customers, but wanted to emphasize that NSO only sells its products to “allies of Israel and the United States.”
The company also provided The Guardian with a copy of a letter it had sent to Ivan Kolpakov, editor-in-chief of Meduza, in response to its letter to the company. NSO Deputy General Counsel Chaim Gelfand said the company was “deeply concerned by any allegations of possible misuse of our system” and said it would immediately review the information Kolpakov had provided it and launch an investigation “if warranted.” . He said the company could not substantiate or refute any allegations without additional information.
Gelfand added: “NSO Group is committed to upholding human rights and protecting vulnerable people and communities, including journalists who play a crucial role in promoting and protecting these rights.”
