Finnish diplomats' cellphones were targeted and infected with the infamous Pegasus spyware made by the Israeli cyberoffense firm NSO, the country’s foreign ministry said Friday.
Also on Friday, The New York Times reported that former Prime Minister Benjamin Netanyahu used NSO's spyware as a central pillar of Israel's diplomatic policy in recent years, confirming past reporting by Haaretz. The report revealed that Netanyahu used Pegasus in deals with Gulf and European states, and even Mexico.
The investigation also revealed that despite long-standing U.S. concerns regarding the cyberoffense firm, the FBI was in touch with NSO about buying a new version of its spyware as late as 2019. However, U.S. officials were concerned with the legality of hacking into American citizens' cellphones.
Read more >> NSO Spyware Targeted Yemen War Crimes Investigator, Report Says ■ The Israeli cyber weapon used against 180 journalists ■ Israeli NSO Spyware Found on Phones of U.S. State Department Officials ■ Apple Sues Israeli Spyware Firm NSO Over Surveillance of Users ■ How Israeli Spy-tech Became Dictators' Weapon of Choice ■ Two UAE Princes Each Got Their Own Personal NSO Spyware ■ Global Reckoning Begins for Spyware and Its Tools of Repression
In an official announcement published Friday, the Finnish Foreign Affairs Ministry said that “Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group.
“The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part. Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features,” the statement said.
According to its statement, the Finnish ministry worked with authorities and additional “stakeholders” to investigate possible spying in recent months. They determined that “the case was directed at posted employees working in Finnish missions abroad.”
They said the investigation allowed them to “determine the timeline of the activities” and conclude that the “espionage is no longer active.” The Finnish statement did not say who the suspected operator behind the Pegasus attack was.
NSO did not respond to a request for comment on the announcement and does not comment on the identity of its clients.
NSO sells its services to intelligence and law enforcement agencies across the world. The firm's clients select their targets and attempt to infect them with Pegasus, which provides full access to a target's phone, including their camera and microphone and all the data stored on the device.
A few months ago, Apple and reports by Reuters, CNN and Bloomberg revealed that at least 11 U.S. State Department officials stationed in Uganda were targeted with Pegasus. The hack led the U.S. Department of Commerce to blacklist the firm for permitting a client – most likely either Rwanda or Uganda – to spy on diplomats.
Friday’s revelations show how, while the U.S. was concerned with Pegasus, different U.S. government agencies also sought to make use of it. According to the report, while the FBI and others were contemplating buying NSO’s spyware, America decided to purchase the system for Djibouti. This was likely done as part of the wider assistance the U.S. provides the eastern African country, which gives the U.S. access to its port and even serves as a home for U.S. military personnel.
Meanwhile, an Israeli financial daily reported last week that police have been using NSO spyware on a list of Israeli targets since 2013, including protest leaders and politicians. It was the first indication that the software was being used against Israelis, with investigations overseen only by the police and without a warrant or court order.