• The Breach Report
  • Posts
  • Russia critics targeted in new NSO Group Pegasus spyware campaign

Russia critics targeted in new NSO Group Pegasus spyware campaign

Targets include journalists and activists using Apple iPhones

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

Critics of Putin and his allies targeted with NSO Group Pegasus spyware inside European Union

The NSO Group’s Pegasus spyware has been detected on seven journalists and activists in the European Union that are critical of Russian president Vladimir Putin and the Kremlin.

The NSO Group’s Pegasus spyware has been detected on seven journalists and activists in the European Union that are critical of Russian president Vladimir Putin and the Kremlin.

Seven journalists and activists who are vocal critics of Russian President Vladimir Putin and his allies have been targeted inside the European Union with Pegasus spyware from the NSO Group.

The journalists and activists were first alerted to the compromise when they received threat notifications from Apple on their iPhone devices. Russian, Belarusian, Latvian, and Israeli nationals were among the citizens targeted.

According to reports, the individuals were infected between August 2020 and January 2023. Some of the individuals were not named, and the source of the attack is unknown.

However, the timing and pattern of the attacks on the targeted individuals strongly suggest they are coming from a single government entity. Access Now and the Citizen Lab, non-governmental organizations (NGO) protecting journalist and activist rights, assisted in compiling research and confirming device infections.

In November 2023, Galina Timchenko, a co-founder and CEO of Meduza, reported that her iPhone was infected with the Pegasus spyware. Meduza is a Russian independent media outlet based in Latvia and has been labeled “an undesirable organization” by the Kremlin.

One targeted individual who wishes to remain anonymous confirmed that his iPhone received Apple detection notifications twice as of April 10, 2024. Independent cyber researchers examined his phone and confirmed that the device was infected starting on June 15, 2023. The journalist attended a conference for Russian journalists in exile in Latvia the next day.

Other affected individuals were unaware that their phone was infected with Pegasus for years.

What does the NSO Group Pegasus spyware do?

If you’re unfamiliar with it, the NSO Group Pegasus spyware is considered the most potent spyware tool on the market. It provides virtually unfiltered access to the target’s smartphone.

It’s regarded as a “zero-click” spyware tool, which doesn’t require the targeted user to press or click on anything on the device for it to become infected.

Once Pegasus infects a targeted device, it can access local device photos, view, and access all past and future phone calls (including listening to future phone calls), continuously monitor the device’s location, and activate the phone’s microphone discretely to act as a listening device.

NSO Group is headquartered in Israel and was banned by the Biden administration in 2021. It employs over 700 people globally and is regulated by Israel’s Ministry of Defence. It claims it only sells spyware to “vetted law enforcement agencies” for crime prevention and terrorist activity.

NSO Group deputy general counsel Chaim Gelfand says the company is “deeply troubled by any allegation of potential misuse of our system.”

He added, “NSO Group is committed to upholding human rights and protecting vulnerable individuals and communities, including journalists who play a crucial role in promoting and protecting these rights.”

How to protect yourself from spyware like Pegasus

Thankfully, tech companies that develop the world’s most common smartphone operating systems–Apple and Google–provide sophisticated methods to protect yourself. Best of all, these capabilities are completely free.

You don’t need to be an activist, journalist, or person of significance to leverage these account and device protections. In fact, I recommend everyone enable the following for Apple and Google accounts.

Apple iOS / iPhone

Apple continues to notify victims targeted with certain types of mercenary spyware, including NSO Group’s Pegasus.

To protect yourself and your devices, ensure that if you are an Apple iPhone user, you perform two things:

  • Enable Apple Lockdown Mode. While this isn’t guaranteed to prevent every mercenary spyware toolkit exploit, cybersecurity experts believe it is resilient enough to protect against Pegasus. Read how to enable Lockdown Mode.

  • Enable Apple iOS Stolen Device Protection. Apple has introduced iOS Stolen Device Protection, which will prevent unauthorized access to your Apple Keychain, using your phone to set up a new device (useful if someone is trying to clone your device), or optionally erase all content and settings. Read how to enable iOS Stolen Device Protection.

Google Android OS / Google Accounts

If you are a Google or Android user, ensure that you enable Google’s Advanced Protection Program for your account.

  • Use Google Advanced Protection. Google Advanced Protection is an advanced security control mechanism that supports strengthened access control to your Google account, Android or iOS devices. It requires using security keys like a FIDO-compliant Yubikey to access your Google account or any documents, files, or email within the account. Read how to enable Google Advanced Protection.

Latest Cybersecurity News

What we’re reading across the wire about the latest cybersecurity hacks, breaches, industry news, and more.

New from our favorite blogs and journalists:

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.

Until next time…

Rob Waters
The Breach Report + Cybersecurity Careers Blog

P.S. - Do you want to start a cybersecurity newsletter yourself?
You can with beehiiv. Create one today with a free trial.

Join the conversation

or to participate.