Pegasus Used to Spy on Exiled EU Journalists and Activists

Since 2016, the use of Pegasus, a spyware from NSO Group, has received criticism from international human rights and privacy protection organizations.

The joint investigation by Access Now and The Citizen Lab revealed that Pegasus was used to target at least seven journalists living in the EU. These targeted attacks were conducted between 2020 and 2023.

Some targeted individuals approached The Citizen Lab when they received security notifications from Apple. Some of their devices were forensically examined to confirm the Pegasus attacks.

Five of the seven individuals were targeted and infected, meaning the Pegasus operator had access to their information. The other two were also targeted, but the devices were not infected.

The targeted individuals are:

Name Description Location
Evgeny Erlikh Israeli-Russian journalist with RFE/RL Riga, Latvia
Evgeny Pavlov Latvian journalist, formerly with RFE/RL and Novaya Gazeta Baltija Riga, Latvia
Maria Epifanova Russian journalist, general director of Novaya Gazeta Europe Riga, Latvia
Natallia Radzina Belarusian journalist, editor-in-chief of Warsaw, Poland
Andrei Sannikov Belarusian opposition politician and activist Warsaw, Poland
Anonymous 1 Russian independent media journalist Vilnius, Lithuania
Anonymous 2 Belarusian civil society member Vilnius, Lithuania

The targeted individuals had sought exile in European Union countries after they faced threats and attacks from their home countries.

The list includes journalists who spoke against the Russian invasion of Ukraine and media personalities and opposition activists/politicians from Belarus.

graphics from The Citizen Lab explaining the use of Apple IDs for Pegasus attack
Source: The Citizen Lab

The investigation report also suggests that a single Pegasus user in the EU conducted at least five attacks. A total of 4 Apple IDs were used by the operators behind the five attacks.

Access Now and The Citizen Lab arrived at this conclusion after finding identical Apple IDs on the targeted devices. These Apple IDs were recorded when the Pegasus spyware attempted to exploit HomeKit bugs on iPhones.

The report from The Citizen Lab has not suggested who could be behind these Pegasus attacks. However, in its report, Access Now has offered some insights.

It adds that Belarus, Russia, and Lithuania do not use Pegasus. Even though Poland used Pegasus, it has not since 2021. While Latvia uses Pegasus, it is not known for targeting individuals outside its borders.

Thus, the potential operator is suggested to be Estonia, which is known for its extensive use of Pegasus.

Both reports have made one concern clear.

The organizations are concerned that these individuals are being targeted by an entity within the EU, where they have sought exile in the first place.

Access Now and The Citizen Lab ask all countries to suspend digital surveillance equipment until human rights laws are implemented.

As the investigation continues, Access Now has opened support channels for those who think they are being targeted by Pegasus.

Subscribe to our newsletter

To be updated with all the latest news


Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post