Exiled Media Under Attack: Access Now Documents First-time Use Of Pegasus Against Russian Journalist
NSO Group’s notorious Pegasus spyware is now being used against exiled Russian media critical of Putin’s regime and the war in Ukraine.
A new joint investigation by Access Now and the Citizen Lab uncovers that the iPhone of Galina Timchenko, co-founder, CEO, and publisher of Latvia-based Russian independent media organization Meduza, was infected with NSO Group’s Pegasus spyware while on a trip to Berlin, Germany around February 10, 2023. While the covert use of spyware takes place in the dark, the attack comes two weeks after the Russian government declared Meduza an “undesirable organization” for their critical coverage of Putin’s regime and the war in Ukraine, and amidst E.U. governments’ suspicion of Russian civil society in exile.
“Pegasus spyware and a regime like Putin’s go hand in glove — a dangerous mix of greed and ego that the international community must stamp out,” said Anastasiya Zhyrmont, Eastern Europe & Central Asia Campaigner at Access Now. “This despicable surveillance of independent journalism comes against a wave of harassment, assassination, and persecution of the few anti-war and anti-Putin voices remaining across Russia and the region. In war or in peace times, journalists and media, especially those brave enough to challenge authoritarian regimes, are never legitimate targets for surveillance.”
While Pegasus is designed to obfuscate which customer is behind a particular attack, making it difficult for investigators to attribute, there are three main theories of which state is likely behind the attack:
- E.U. states — primarily Estonia, Germany, or Latvia, who are suspected Pegasus users;
- Russia-allied states that are also suspected Pegasus users — primarily Azerbaijan, Kazakhstan, or Uzbekistan; and
- Russia.
“A Pegasus attack on one of the most respectable independent journalists and prominent Putin critics at the heart of E.U. means one thing — NSO Group must be immediately sanctioned as a threat to human rights, peace, and security in Europe, the U.S., and around the world,” said Natalia Krapiva, Tech-Legal Counsel at Access Now. “NSO Group claims to provide its technology to protect us from terrorists and child molestors, while in practice, it is the go-to tool to undermine democracies and attack independent media and human rights defenders.”
The investigation began after Apple warned Galina Timchenko and other targets in June, 2023, that they may have been targeted with spyware. Meduza’s Chief Technology Officer contacted Access Now to check Timchenko’s device, which was confirmed to have been infected on or around February 10, 2023 with the infection likely lasting several days or weeks after that.
This new analysis includes recommendations for states.
Read the full analysis.