Digital rights watchdog group Citizen Lab said on Monday it had warned British officials that electronic devices connected to government networks, including some inside the prime minister’s office and foreign ministry, appeared to be infected with Israeli-made spy software.
The spy software is known as Pegasus, a product of Israeli cyberarms dealer NSO Group, according to a blog post published by Citizen Lab.
“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks,” the blog post reads.
An NSO spokesperson said the allegations are “false and could not be related to NSO products for technological and contractual reasons”. A British government spokesperson said “we do not routinely comment on security matters”.
Citizen Lab said it believed the targeting connected to the prime minister’s office was done by NSO clients in the United Arab Emirates while the British foreign ministry hacking came from other countries, including Cyprus, Jordan and India. Cyprus authorities “categorically deny” any involvement in the matter, government spokesperson Marios Pelekanos told Reuters.
“However, to avoid any further speculations on a Cyprus link, we note that the Government of the Republic of Cyprus, which enjoys excellent relations with the British Government in all fields, has never been approached with any sort of inquiry on the subject at large by the relevant British authorities,” he said in an emailed statement.
Government spokespeople for the United Arab Emirates, Jordan and India did not immediately respond to requests for comment. Pegasus can be used to remotely break into iPhones, giving clients deep access into a targeted phone’s memory or turning them into recording devices.
Citizen Lab found evidence of the compromised UK devices by monitoring internet traffic and other digital signals to spy servers that control Pegasus for various NSO clients.
“We identified infections emanating from those UK networks based on a variety of network scanning methods we use, and notified the relevant UK authorities of our suspicions at the time for them to follow up,” Citizen Lab Director Ron Deibert wrote in the blog post. “We did not have access to any devices, and do not have any information on specific victims.”
Citizen Lab is known as one of the leading research groups on mercenary spyware within the cybersecurity industry. The hacking activity connected to the British prime minister’s office was investigated by the UK National Cyber Security Centre, where technicians tested multiple phones to find malware, according to a New Yorker article about NSO Group also published on Monday, but the findings were inconclusive.