Russia critics targeted in new NSO Group Pegasus spyware campaign

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

Critics of Putin and his allies targeted with NSO Group Pegasus spyware inside European Union

Seven journalists and activists who are vocal critics of Russian President Vladimir Putin and his allies have been targeted inside the European Union with Pegasus spyware from the NSO Group.

The journalists and activists were first alerted to the compromise when they received threat notifications from Apple on their iPhone devices. Russian, Belarusian, Latvian, and Israeli nationals were among the citizens targeted.

According to reports, the individuals were infected between August 2020 and January 2023. Some of the individuals were not named, and the source of the attack is unknown.

However, the timing and pattern of the attacks on the targeted individuals strongly suggest they are coming from a single government entity. Access Now and the Citizen Lab, non-governmental organizations (NGO) protecting journalist and activist rights, assisted in compiling research and confirming device infections.

In November 2023, Galina Timchenko, a co-founder and CEO of Meduza, reported that her iPhone was infected with the Pegasus spyware. Meduza is a Russian independent media outlet based in Latvia and has been labeled “an undesirable organization” by the Kremlin.

One targeted individual who wishes to remain anonymous confirmed that his iPhone received Apple detection notifications twice as of April 10, 2024. Independent cyber researchers examined his phone and confirmed that the device was infected starting on June 15, 2023. The journalist attended a conference for Russian journalists in exile in Latvia the next day.

Other affected individuals were unaware that their phone was infected with Pegasus for years.

What does the NSO Group Pegasus spyware do?

If you’re unfamiliar with it, the NSO Group Pegasus spyware is considered the most potent spyware tool on the market. It provides virtually unfiltered access to the target’s smartphone.

It’s regarded as a “zero-click” spyware tool, which doesn’t require the targeted user to press or click on anything on the device for it to become infected.

Once Pegasus infects a targeted device, it can access local device photos, view, and access all past and future phone calls (including listening to future phone calls), continuously monitor the device’s location, and activate the phone’s microphone discretely to act as a listening device.

NSO Group is headquartered in Israel and was banned by the Biden administration in 2021. It employs over 700 people globally and is regulated by Israel’s Ministry of Defence. It claims it only sells spyware to “vetted law enforcement agencies” for crime prevention and terrorist activity.

NSO Group deputy general counsel Chaim Gelfand says the company is “deeply troubled by any allegation of potential misuse of our system.”

He added, “NSO Group is committed to upholding human rights and protecting vulnerable individuals and communities, including journalists who play a crucial role in promoting and protecting these rights.”

How to protect yourself from spyware like Pegasus

Thankfully, tech companies that develop the world’s most common smartphone operating systems–Apple and Google–provide sophisticated methods to protect yourself. Best of all, these capabilities are completely free.

You don’t need to be an activist, journalist, or person of significance to leverage these account and device protections. In fact, I recommend everyone enable the following for Apple and Google accounts.

Apple iOS / iPhone

Apple continues to notify victims targeted with certain types of mercenary spyware, including NSO Group’s Pegasus.

To protect yourself and your devices, ensure that if you are an Apple iPhone user, you perform two things:

• Enable Apple Lockdown Mode. While this isn’t guaranteed to prevent every mercenary spyware toolkit exploit, cybersecurity experts believe it is resilient enough to protect against Pegasus. Read how to enable Lockdown Mode.

• Enable Apple iOS Stolen Device Protection. Apple has introduced iOS Stolen Device Protection, which will prevent unauthorized access to your Apple Keychain, using your phone to set up a new device (useful if someone is trying to clone your device), or optionally erase all content and settings. Read how to enable iOS Stolen Device Protection.

Google Android OS / Google Accounts

If you are a Google or Android user, ensure that you enable Google’s Advanced Protection Program for your account.

• Use Google Advanced Protection. Google Advanced Protection is an advanced security control mechanism that supports strengthened access control to your Google account, Android or iOS devices. It requires using security keys like a FIDO-compliant Yubikey to access your Google account or any documents, files, or email within the account. Read how to enable Google Advanced Protection.

Latest Cybersecurity News

What we’re reading across the wire about the latest cybersecurity hacks, breaches, industry news, and more.

New from our favorite blogs and journalists:

• Cyber firm CyberArk inks $1.54 billion deal to acquire Venafi (The Record)

• HHS reverses course, allows Change Healthcare to file breach notifications for others (The Record)

• Cloud company Snowflake denies that reported breach originated with its products (The Record)

• UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says (The Record)

• Report: Apple and OpenAI have signed a deal to partner on AI (Ars Technica)

• Google Cloud explains how it accidentally deleted a customer account (Ars Technica)

• Federal agency warns critical Linux vulnerability being actively exploited (Ars Technica)

• Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (Ars Technica)

• Spanish police probe DGT hack, millions of driver's info exposed (CyberNews)

• Russia hacks Polish media, posts fake news about troops to Ukraine (CyberNews)

• New Pegasus spying cases found in Eastern Europe (CyberNews)

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.

[Calculate now]

Until next time…

Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog

P.S. - Do you want to start a cybersecurity newsletter yourself?
You can with beehiiv. Create one today with a free trial.