Since 2016, the use of Pegasus, a spyware from NSO Group, has received criticism from international human rights and privacy protection organizations.
The joint investigation by Access Now and The Citizen Lab revealed that Pegasus was used to target at least seven journalists living in the EU. These targeted attacks were conducted between 2020 and 2023.
Some targeted individuals approached The Citizen Lab when they received security notifications from Apple. Some of their devices were forensically examined to confirm the Pegasus attacks.
Five of the seven individuals were targeted and infected, meaning the Pegasus operator had access to their information. The other two were also targeted, but the devices were not infected.
The targeted individuals are:
| Name | Description | Location |
| Evgeny Erlikh | Israeli-Russian journalist with RFE/RL | Riga, Latvia |
| Evgeny Pavlov | Latvian journalist, formerly with RFE/RL and Novaya Gazeta Baltija | Riga, Latvia |
| Maria Epifanova | Russian journalist, general director of Novaya Gazeta Europe | Riga, Latvia |
| Natallia Radzina | Belarusian journalist, editor-in-chief of Charter97.org | Warsaw, Poland |
| Andrei Sannikov | Belarusian opposition politician and activist | Warsaw, Poland |
| Anonymous 1 | Russian independent media journalist | Vilnius, Lithuania |
| Anonymous 2 | Belarusian civil society member | Vilnius, Lithuania |
The targeted individuals had sought exile in European Union countries after they faced threats and attacks from their home countries.
The list includes journalists who spoke against the Russian invasion of Ukraine and media personalities and opposition activists/politicians from Belarus.
The investigation report also suggests that a single Pegasus user in the EU conducted at least five attacks. A total of 4 Apple IDs were used by the operators behind the five attacks.
Access Now and The Citizen Lab arrived at this conclusion after finding identical Apple IDs on the targeted devices. These Apple IDs were recorded when the Pegasus spyware attempted to exploit HomeKit bugs on iPhones.
The report from The Citizen Lab has not suggested who could be behind these Pegasus attacks. However, in its report, Access Now has offered some insights.
It adds that Belarus, Russia, and Lithuania do not use Pegasus. Even though Poland used Pegasus, it has not since 2021. While Latvia uses Pegasus, it is not known for targeting individuals outside its borders.
Thus, the potential operator is suggested to be Estonia, which is known for its extensive use of Pegasus.
Both reports have made one concern clear.
The organizations are concerned that these individuals are being targeted by an entity within the EU, where they have sought exile in the first place.
Access Now and The Citizen Lab ask all countries to suspend digital surveillance equipment until human rights laws are implemented.
As the investigation continues, Access Now has opened support channels for those who think they are being targeted by Pegasus.
