At least seven people, including a former Belarusian presidential candidate, had their mobile phones targeted with the spyware, known as “Pegasus,” between 2020 and 2023, according to the digital rights groups Access Now and Citizen Lab. (Wikimedia Commons)
A three-year hacking campaign targeted Russian, Belarusian and Latvian journalists and activists using spyware made by the Israeli company NSO Group, according to research published on Thursday.
At least seven people, including a former Belarusian presidential candidate, had their mobile phones targeted with the spyware, known as “Pegasus,” between 2020 and 2023, according to the digital rights groups Access Now and Citizen Lab.
NSO sells its spyware to governments and law enforcement agencies, who use it to covertly break into phones and eavesdrop on calls and messages. NSO says Pegasus is intended to be used to track down serious criminals. But the US Commerce Department blacklisted the company in November 2021, accusing it of enabling “transnational repression.”
Gil Lainer, a spokesperson for NSO Group, declined to comment specifically on allegations from the report. However, he said in a statement, “NSO complies with all laws and regulations and sells only to vetted intelligence and law enforcement agencies. Our customers use these technologies daily to prevent crime and terror attacks.”
NSO’s compliance and human rights program protects against misuse by governments and investigates all credible claims of misuse, Lainer said. He declined to discuss specific customers, citing “regulatory constraints.”
According to the latest research, three of the people targeted with the spyware were based in Riga, Latvia, two in Vilnius, Lithuania, and two others in Warsaw, Poland.
The victims included Andrei Sannikov, a prominent Belarusian opposition politician and activist who ran for president of Belarus in 2010; Natallia Radzina, editor-in-chief of independent Belarusian media website Charter97.org; Maria Epifanova, general director of exiled Russian news organization Novaya Gazeta Europe; and Evgeny Erlikh, an Israeli-Russian journalist, according to the research.
Sannikov said he had experienced “lots of attempts” to hack his phone in the past. “I had years of experience so I don’t trust any delicate information or delicate conversations to my smartphone,” he said.
Radzina, whose phone was infected on at least three separate occasions between 2022 and 2023, called the intrusions “a violation of privacy, the secrecy of correspondence and telephone conversations.”
Epifanova said she found out she was hacked with spyware after receiving a notification from Apple last year saying that her iPhone had likely been targeted. “It made me feel pretty horrible and vulnerable,” she said. “Someone had access to my private information and communications with other people.”
Erlikh, who was vacationing in Austria with his partner when his phone was infected with the spyware in November 2022, said the hack had left him feeling “naked.”
“But I don’t keep any state secrets,” he said in a message to Bloomberg News. “So I’m sorry that the special services spent so much time and money on me and did not achieve any results.”
It’s not clear who was behind the hacks; the report doesn’t name suspected culprits. NSO only sells its technology to allies of the US and Israel, according to Lainer. That would rule out Russia or Belarus.
The research indicates that Russian and Belarusian journalists and activists working in Europe are particularly at risk from the spyware. Last year, Galina Timchenko, a Russian journalist and co-founder of independent Russian media organization Meduza, discovered that her phone was infected with Pegasus. Timchenko is based in Latvia and was visiting Berlin at the time she was targeted.
“The victims in our investigations, just like Galina Timchenko, are well known and respected members of civil society, most of whom have been severely persecuted by Russia and Belarus for their political and journalistic work,” said Natalia Krapiva, senior tech legal counsel at Access Now. “If one or more EU democracies indeed targeted these people with Pegasus spyware, something must be seriously wrong with the rule of law in these countries.”
