The Citizen Lab research group has discovered that spyware manufactured by NSO Group Ltd. was used to target a device connected to the network of 10 Downing Street, the office and residence of the British Prime Minister.
Citizen Lab, which is affiliated with the University of Toronto, detailed its findings today. The research group also revealed that spyware from NSO Group was used to target more than 60 phones in Catalonia, Spain, including devices belonging to elected officials, academics and activists.
NSO Group, based in Israel, is the developer of the Pegasus spyware. The company supplies Pegasus to military, law enforcement and intelligence agencies. The spyware is designed to infect iPhones without requiring any user action, such as opening a malicious file, and can remove itself to avoid detection.
Last year, the U.S. Department of Commerce sanctioned NSO Group after determining that the company’s spyware was being used by foreign governments to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers. NSO Group has been added to a list of entities maintained by the Commerce Department’s Bureau of Industry and Security.
Citizen Lab discovered that Pegasus was used on July 7, 2020 to infect a network-connected device at 10 Downing Street in London. The research group said the cyberattack was “associated with a Pegasus operator that we link to the United Arab Emirates.”
The New Yorker reported today that the National Cyber Security Centre, an arm of British intelligence, tested several phones in Downing Street, including one belonging to Prime Minister Boris Johnson. Authorities have reportedly not yet located the infected device.
Citizen Lab has also detected five cases in which phones connected to the UK Foreign Office were hacked using Pegasus. The incidents occurred between July 2020 and June 2021, the research group determined. A government official who spoke to The New Yorker confirmed that signs of the hack had been discovered at the Foreign Office.
As part of its research, Citizen Lab also determined that spyware from the NSO Group was used to target more than 60 phones belonging to people in Catalonia. The Citizen Lab researchers wrote that “we do not conclusively attribute the targeting to any specific government, but there is ample circumstantial evidence pointing to the Spanish government.”
“With the targets’ consent, we obtained forensic artifacts from their devices which we examined for evidence of Pegasus infections,” the Citizen Lab researchers said. “Our forensic analysis allows us to conclude with high confidence that, of the 63 people targeted by Pegasus, at least 51 people were infected.”
Citizen Lab’s investigation found that those targeted by the hacking campaign included three members of the European Parliament, academics, activists and lawyers, as well as their staff and family members in some cases. The cyberattacks were carried out between 2017 and 2020.
As part of their investigation, researchers determined that at least four people in Catalonia were targeted using spyware created by Candiru, a startup founded by former NSO Group employees. Citizen Lab also found a zero-day, or previously undisclosed, vulnerability used by NSO Group. The vulnerability, dubbed HOMAGE, was reportedly used to infect Apple Inc. devices in Catalonia from 2019 to early 2020 and has since been patched by the iPhone maker.