UK PMO was targeted with Pegasus by operators in UAE, India, others: Citizen Lab
The office of the Prime Minister of the United Kingdom (UK PMO) was reportedly targeted by operators using infamous cyber surveillance software, Pegasus. These operators also targeted other UK government departments, such as the United Kingdom Foreign, Commonwealth and Development Office (FCDO), and are based in nations such as the United Arab Emirates (UAE), India and Cyprus. The findings were shared on Monday, April 18 by researchers at The Citizen Lab in Munk School of Global Affairs & Public Policy, University of Toronto.
The disclosure of these findings come shortly after UK Prime Minister, Boris Johnson, announced an upcoming trip to India for later this week. During the visit, Johnson said on Twitter that his meetings will involve promoting bilateral opportunities in fields "from job creation and economic growth, to energy security and defence."
In an official statement announcing the findings, Ron Deibert, director of The Citizen Lab, said, "We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks."
The use of the Pegasus spyware tool created plenty of furore through 2021, as reports regarding its use by government backed entities to track opposition voices and their movements surfaced in India as well as other nations. In November 2021, the United States Department of Commerce announced sanctions against Israel's NSO Group, the makers of Pegasus, for deliberately spreading a tool that could be used as an anti-democratic instrument.
Alongside the UK PMO and the FCDO, The Citizen Lab further reported that numerous civil society groups in Catalonia, an autonomous region in Spain that has been long since issued demands for its independence from the latter, were also targeted and infected with the Pegasus spyware. The use of the spyware tools in Catalonia could reportedly be an organised effort, and also involved the use of Windows-based spyware developed by Candiru.
Deibert also added, "The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims. We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware. Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK Government was aware of the ongoing spyware threat, and took appropriate action to mitigate it."
The Citizen Lab has also disclosed that the use of Pegasus could well be even more widespread beyond what they have reported, since their detection tool focuses on finding the spyware in iOS devices — leaving a vast majority of Android smartphones under-inspected.