At least seven journalists and activists who have been vocal critics of the Kremlin and its allies have been targeted inside the EU by a state using Pegasus, the hacking spyware made by Israel's NSO Group, according to a new report by security researchers.
The targets of the hacking attempts - who were first alerted to the attempted cyber-intrusions after receiving threat notifications from Apple on their iPhones - include Russian, Belarusian, Latvian and Israeli journalists and activists inside the EU. Pegasus is considered one of the most sophisticated cyberweapons in the world, and is operated by countries who acquire the technology from NSO. The company says it is meant to be used for legitimate reasons, such as fighting crime.
Researchers have documented hundreds of cases in which operators of the spyware, including states inside the EU, have allegedly used it for other purposes, including spying on political opponents and journalists.
Researchers said they could not definitively identify the state or state agency behind the latest hacking attempts, but they said technical indicators suggested the attempts may have been made by the same NSO client.
The developments follow a similar report last year that found Pegasus spyware had been used by an operator inside the EU to target Galina Timchenko, the award-winning Russian journalist and co-founder of the news website Meduza.
The investigation into the latest attempted cyber-attacks was conducted by the digital civil rights campaigners Access Now, the Citizen Lab at the University of Toronto's Munk School, and Nikolai Kvantaliani, an independent security analyst.
When it is successfully deployed, Pegasus can hack into any phone, access photos and mobile phone calls, detect a person's location, and activate a user's recorder, turning the phone into a listening device.
The company was placed on a blacklist by the Biden administration in 2021.
While Russia might seem to be the most logical possible state behind the latest series of attacks, researchers have focused their attention within the EU and say they do not believe that Russia or Belarus are NSO customers.
While Latvia appears to have access to Pegasus, it is not known for targeting individuals outside its borders.
One Russian target, a journalist who lives in exile in Vilnius and has decided to remain anonymous due to personal safety concerns, received two Apple threat notifications, with the latest on 10 April 2024, according to the researchers.
An analysis of the journalist's mobile phone confirmed an attempted infection on 15 June 2023.
The journalist attended a conference for Russian journalists in exile in Riga, Latvia the next day, focusing on the vulnerabilities facing journalists in the region.
Two Belarusian members of civil society living in Warsaw also received Apple notifications on 31 October 2023.
Opposition politician and activist Andrei Sannikov, who ran for the presidency of Belarus in 2010 and was arrested and held by the Belarusian KGB after the poll, had his phone infected on or about 7 September 2021.
Natalia Radzina, editor-in-chief of the independent Belarusian media website Charter97.org, and winner of the international press freedom award from the Committee to Protect Journalists, was infected with Pegasus twice in late 2022 and in early 2023.
Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties.
Three other journalists living in Riga also received Apple threat notifications: Evgeny Erlikh, an Israeli-Russian journalist; Evgeny Pavlov, a Latvian journalist, and Maria Epifanova, general director of Novaya Gazeta Europe.
NSO, which is regulated by the Israel's ministry of defence, says it sells its spyware to vetted law enforcement agencies strictly for the purposes of preventing crime and terror attacks.
The company could not, he said, substantiate or refute any allegations without additional information.
This Cyber News was published on packetstormsecurity.com. Publication date: Thu, 30 May 2024 14:13:05 +0000