Original Author: Gaya Gupta
A day after the publication of an investigation by two cybersecurity watchdogs showing that a cellphone belonging to the chief executive of an exiled, independent Russian news website had been infected by Pegasus surveillance spyware, several other journalists and media workers for Russian news outlets were reported to have, like her, received earlier notifications from Apple that their iPhones may have been targeted by “state-sponsored attackers.”
Pegasus, which is made by the Israeli firm NSO Group, is a “zero-click” software that can, without needing any triggering action by a recipient, remotely extract messages, contacts, photos and videos from the target’s mobile phone. Released in 2011 and sold under Israeli Defense Ministry license to law enforcement and intelligence agencies around the world — including the F.B.I. — it has been used to help capture drug lords, thwart terrorist plots and fight organized crime.
But New York Times investigations have revealed that the spyware has also been used by some governments, including Mexico, the United Arab Emirates and Saudi Arabia, to spy on journalists and human rights activists. The United States blacklisted NSO Group in November 2021.
According to the two cybersecurity watchdogs whose report was published on Wednesday, the investigation was set off after an Apple notification of a possible state-sponsored attack was sent in June to the iPhone of Galina Timchenko, the co-founder, chief executive, and publisher of Meduza, a prominent Russian independent media outlet operating in exile in Europe.
Meduza reached out to one of the watchdogs, Access Now, which in collaboration with Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, determined that Ms. Timchenko’s phone had been infected while she was in Germany two weeks after Russia deemed Meduza an “undesirable organization” in January. The watchdogs said it was the first documented case of Pegasus being used on a Russian journalist.
On Thursday, Yevgeny Erlich, the former editor in chief of the Baltic-based news program for the Russian independent media outlet, Current Time, posted on Facebook that he had received the Apple notification and warned his readers that their prior communications with him might have been breached. Mr. Erlich’s phone had a Latvian SIM card, as did Ms. Timchenko’s, according to his Facebook post. He wrote that his phone would sometimes heat up or start messaging groups on its own.
Novaya Gazeta Europe, an independent Russian news outlet, also reported on Thursday that its general director, Maria Epifanova, and a Baltic correspondent, Evgeniy Pavlov, received similar notifications from Apple.
The notifications are designed to inform users who may have been targeted by state-sponsored attacks, which are “highly complex, cost millions of dollars to develop, and often have a short shelf life,” according to an Apple support page. Such attacks “apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent.”