Journalists in exile targeted with Pegasus spyware

NSO Group website on a smartphone with the company's logo in the background
All over the world, activists and members of the press continue to be targeted with spyware. (Source: IMAGO / Pond5 Images)

Seven exile journalists and activists were targeted with Pegasus spyware within the European Union’s borders. Security experts have found evidence of the attacks, but are unable to identify the attackers.

The attacks were investigated by the NGO Access Now working in tandem with experts at the University of Toronto’s Citizen Lab. The investigation found that the victims’ smartphones were infected with spyware between August 2020 and January 2023.

Pegasus is developed by NSO Group, an Israeli company. The spyware can be used to fully infiltrate devices like smartphones – those targeted are often completely unaware of the attack. After successfully infecting a device, attackers are able to gain access to all stored data, and can turn on the camera and microphone without the user’s knowledge. NSO Group claims to sell its surveillance software only to government clients.

Living in exile

According to Access Now and the Citizen Lab, all the individuals affected live in exile in EU countries. Many of them have criticized the Russian government and its war of aggression against Ukraine.

One of the people spied on is a member of Belarusian civil society who currently lives in Lithuania. The person, who was not named, had received a notification from Apple alerting them that their iPhone had been targeted by spyware. The company has been sending threat notifications since November 2021. After receiving the alert, the individual contacted the Citizen Lab, whose security experts were able to determine that the individual’s smartphone had in fact been infected with Pegasus spyware in March 2021.

A Russian journalist who also lives in Lithuania received similar warnings from Apple. According to Access Now and the Citizen Lab, the journalist’s smartphone was targeted in June 2023. At the time they were attending an event for exiled journalists in Riga, the Latvian capital. The event focused in part on digital security measures for journalists.

Three members of the press living in Riga were also targeted. One of them was Israeli-Russian journalist Evgeny Erlikh, former producer of the “Baltic Weekly” program for Radio Free Europe/Radio Liberty.

Maria Epifanova, general director of the Novaya Gazeta Europe newspaper, was spied on as well. Her phone was infected with Pegasus software in August 2020 – “the earliest known use of Pegasus to target Russian civil society,” Access Now reports.

Speaking to the Committee to Protect Journalists (CPJ), Epifanova said, “Regardless of who is behind this attack, invasion in private life is unacceptable. I am now working with a lawyer to decide on the next steps and will do my best to bring more light onto my own case and cases of my colleagues.”

Another victim was Belarusian opposition politician Andrei Sannikov, who lives in Warsaw. He ran for president of Belarus in 2010 – and was arrested after the election.

The Citizen Lab reports that critics of the Russian and Belarusian governments often face surveillance, threats, censorship, and other forms of repression. As a result, many choose to work in exile. Working abroad, however, they are more reliant on digital forms of communication – and this exposes them to new risks.

The joint investigation revealed that the same actor was likely responsible for the attacks on five of the seven victims. But the Citizen Lab and Access Now were unable to determine who specifically was behind the attacks. The groups report that there is no evidence that Russia, Belarus, or Lithuania are Pegasus customers or that they use Pegasus.

Last year, Access Now and the Citizen Lab were able to confirm that Galina Timchenko, founder of the exile media organization Meduza, was spied on with Pegasus. In Timchenko’s case as well, the groups were unable to determine who was behind the spying.

Call for a moratorium

Access Now is calling for a global moratorium “on the export, sale, transfer, servicing, and use of targeted digital surveillance technologies” like Pegasus.

Pegasus and similar surveillance tools have been criticized in the wake of reports that they have repeatedly been used to spy on government critics and members of the press. In the EU, journalists have been spied on in Hungary and Greece.

The United States has imposed sanctions on NSO Group and other software developers. US companies are prohibited from doing business with companies on the sanctions list without special authorization. (js)