abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Subscribe Search
English
العربيّة
Deutsch
Español
Français
日本語
Português
Русский
한국어
简体中文
繁體中文
Article

13 Sep 2023

Stephanie Kirchgaessner and Andrew Roth, The Guardian

Russian journalist hacked with Pegasus spyware while in Germany

See all tags
Read more

"Exiled Russian journalist hacked using NSO Group spyware", 13 September 2023

An award-winning Russian journalist living in exile in Europe was hacked using Israeli spyware made by NSO Group, according to a joint investigation by the Citizen Lab and Access Now. Galina Timchenko was hacked on or around 10 February, at a time when she was based in Berlin, Germany, marking the first time that an independent Russian journalist – whose media outlet has been targeted by Moscow and declared an “undesirable organisation” – is known to have been hacked with spyware.

The attack occurred shortly before a meeting in Berlin of the main independent Russian media in exile, in which participants including Timchenko discussed the pressure they were under and how to respond to it. It was organised by a Russian organisation called Redkollegiya. “Through me they could have eavesdropped on this meeting,” the journalist said in an interview with the Guardian...

...Researchers said they were not immediately able to identify who might have targeted Timchenko’s phone, but said it was hacked using Pegasus, one of the world’s most sophisticated military-grade spyware tools. Russia would be considered an obvious candidate to have targeted Timchenko, who is the co-founder and chief executive of Meduza, an independent Russian news website that has a record of publishing critical articles about the war in Ukraine and investigations into the Russian elite, including those close to Vladimir Putin...

...The company is known to sell to authorities in many European countries – including the German police – and countries in the Middle East and Africa...

...Citizen Lab and Access Now, two of the world’s experts on surveillance and spyware, said they believed it was “unlikely” that Russia was a client of NSO Group, and emphasised that they had not seen any other indications from research that Moscow might be behind the attack...

...The declaration left a few other possible options, the researchers said. Meduza is based in Latvia, which appears to be an NSO Group customer. But researchers said there was no evidence that Latvia had the ability to use Pegasus software outside its own border. Germany is a known client, too, but the researchers said they believed it was unlikely that a German police agency – which is believed to use Pegasus – had targeted Timchenko. The Netherlands intelligence and security service, the Dutch intelligence agency, and an Estonian government agency both appear to use Pegasus outside their jurisdiction, including within Europe...

...NSO does not disclose the names of its clients. But a spokesperson appeared to suggest that Russia was not a client. In a statement, the spokesperson said: “NSO only sells its technologies to allies of the US and Israel and always investigates credible allegations of misuse, taking prompt action if warranted.”...