Senior UK officials, PMO hacked using Pegasus: New report

United Kingdom government officials, including an unidentified person in the Prime Minister’s office, were hacked with the Pegasus spyware by operators suspected to be from four countries — United Arab Emirates, India, Cyprus and Jordan, a new report claimed on Monday.

Canada-based Citizen Labs, which first uncovered the widespread deployment of Pegasus in 2018, said in its report that “multiple suspected instances” of the spyware’s infection were found within official UK networks in 2020 and 2021.

“These included the Prime Minister’s Office (10 Downing Street) and the Foreign and Commonwealth Office…The suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE, India, Cyprus, and Jordan. The suspected infection at the UK Prime Minister’s Office was associated with a Pegasus operator we link to the UAE,” it said.

Pegasus is a military grade spyware made by Israel’s NSO Group with the ability to retrieve all data on a target’s phone, including their communications and files, see what they type, and switch on the device’s camera and microphone stealthily. What makes it particularly dangerous is that it can be silently deployed by attackers who buy it from NSO, making typical cyber hygiene practices irrelevant.

In India, Citizen Labs has in the past estimated that targets have included politicians — belonging to the ruling party as well as the opposition, retired judges, human rights defenders, and journalists. NSO Group has said that it only sells to vetted government clients.

An official, who is part of India’s cybersecurity centre, declined to comment on the matter, saying the larger matter of Pegasus deployments is being investigated by a Supreme Court-appointed committee. On October 20 last year, the Supreme Court set up an expert panel to investigate whether Pegasus spyware was used to snoop on citizens.

It appointed a three-member expert panel, supervised by retired SC judge RV Raveendran, to also ascertain details of people targeted.

Citizen Labs added that since UK’s Foreign Office (now called the Foreign Commonwealth and Development Office) has personnel in many countries, “the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021”.

In past methodologies and techniques of investigation published by Citizen Labs, the group has said that it uses digital forensics to determine indicators of an infection as well as details of which servers infected devices communicated to. Based on these details and the profile of other victims targeted by the same servers, the group identifies the suspected operators, which in this case seems to overlap with UAE, India, Cyprus, and Jordan.