Russian and Belarusian journalists and activists living in Latvia, Lithuania, and Poland were targeted by the Pegasus spyware, according to a new report by the nonprofit Access Now and Digital Lab research centre at the University of Toronto in Canada.
In Vilnius, the hacking attack targeted an unnamed independent Russian journalist and Belarusian civil society member. The other five hacking cases included Russian and Latvian journalists living in Riga, as well as a Belarusian opposition politician and a journalist in Poland.
The secret services of Russia and Belarus have a history of targeting exiled opposition politicians and members of the civil society, the report stated.
Last year, the phone of Galina Timchenko, the co-founder and Latvia-based independent Russia media outlet Meduza, was also hacked while she was on a visit to Germany.
The attack on Timchenko in 2023 came just two weeks after the Russian government declared Meduza an “undesirable organisation” as well as at a time when suspicions were being levelled by “EU governments against Russia’s civil society in exile”, according to Access Now.
Poland and Latvia were also previously found to be using the Pegasus spyware, an Israeli hacking tool used by state and non-state actors. According to Access Now, governments and private actors in over 46 countries worldwide, including EU member states, have reportedly used the tool.
In all instances, the hacked phones belonged to journalists, politicians, officials and other public figures, according to a 2023 investigation by the European Parliament.
When targeted, a person has little way of knowing whether their phone has been compromised until informed directly by Apple or by using an open-source tool developed by the Amnesty International NGO. In the meantime, the attackers can monitor all of the phone’s functions, including the camera and microphone.
“Our investigation shows that the use of Pegasus spyware to target Russian- and Belarusian-speaking journalists and activists dates back until at least 2020, with more attacks following Russia’s full-scale invasion of Ukraine in February 2022,” Access Now wrote in the report published on Thursday.
According to Access Now, gathered evidence suggests that “a single Pegasus spyware operator may be behind the targeting of at least three of the victims and possibly all five”.
It’s unclear who is behind the attack, according to the report.
Poland stopped using Pegasus in 2021 and has never targeted victims outside the country. Similarly, although Latvia has previously used Pegasus, it is not known for targeting victims abroad. There is also no evidence suggesting that Russia, Belarus or Lithuania are Pegasus customers, the report said.
However, Estonia “does appear to use Pegasus extensively outside their borders, including within multiple European countries”, Access Now wrote, yet stopping short of explicitly naming Tallinn as being responsible for the attacks.
In a response to LRT.lt, Lithuania's Defence Ministry declined to comment on whether it had any information about the attacks and if the Pegasus spyware was ever used by the country's institutions.
Newsletter
Every Friday morning.
