The iPhone belonging to Galina Timchenko, a prominent Russian journalist and government critic, was compromised by NSO Group’s Pegasus spyware, a new collaborative investigation by Access Now and the Citizen Lab found.
The infiltration allegedly took place around February 10, 2023. Timchenko is the editor-in-chief and owner of Meduza, an independent news publication based in Latvia.
It is currently unclear who deployed the malware on the device. The Washington Post reported that the Russian government is not a customer of NSO Group, citing an unnamed person close to the company’s operations.
“During the infection, her device was tracked to the GMT+1 time zone and she reported being in Berlin, Germany,” Citizen Lab said. “The day after infection, she was scheduled to attend a private meeting with other Russian independent media executives exiled in Europe to discuss how to deal with threats and censorship from the Putin regime.”
The breach was facilitated by a zero-click exploit known as PWNYOURHOME, revealed in April 2023, which combines HomeKit and iOS’s iMessage to defeat BlastDoor protections.
The findings come after Timchenko received a threat notification from Apple on June 23, 2023, warning that state-sponsored attackers may have targeted her iPhone.
This is the first documented case in which the notorious spyware was planted on a Russian target’s phone. Pegasus, developed by Israel-based NSO Group, is a powerful spying tool capable of collecting sensitive information from infected handsets.
It can be installed remotely on a phone without the victim clicking on a link or taking any other action, a technique known as a zero-click exploit. While Pegasus is ostensibly authorized by governments and law enforcement to combat serious crimes, it has repeatedly been misused to eavesdrop on members of civil society.
The Committee to Protect Journalists (CPJ) said, “Journalists and their sources are neither free nor safe if they are spied on, and this attack on Timchenko highlights that governments must implement an immediate moratorium on the development, sale and use of spyware technologies.”
News of the spyware infection also comes days after Apple rushed to patch two zero-day vulnerabilities in iOS that had been weaponized to deliver Pegasus. Users at increased risk of spyware threats are advised to enable Lockdown Mode on their iPhones to mitigate these threats.