Digital rights watchdog group Citizen Lab said it had warned British officials that electronic devices connected to government networks, including some inside the prime minister's office and foreign ministry, appeared to be infected with Israeli-made spy software.
The spy software is known as Pegasus, a product of Israeli cyberarms dealer NSO Group, according to a blog post published by Citizen Lab.
"We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," the blog post reads.
An NSO spokesperson said the allegations are "false and could not be related to NSO products for technological and contractual reasons."
A British government spokesperson said "we do not routinely comment on security matters."
Citizen Lab said it believed the targeting connected to the prime minister's office was done by NSO clients in the United Arab Emirates while the British foreign ministry hacking came from other countries, including Cyprus, Jordan and India.
Government spokespeople for the United Arab Emirates, Jordan, India and Cyprus did not immediately respond to requests for comment.
Pegasus can be used to remotely break into iPhones, giving clients deep access into a targeted phone's memory or turning them into recording devices.
Citizen Lab found evidence of the compromised UK devices by monitoring internet traffic and other digital signals to spy servers that control Pegasus for various NSO clients.
"We identified infections emanating from those UK networks based on a variety of network scanning methods we use, and notified the relevant UK authorities of our suspicions at the time for them to follow up," Citizen Lab Director Ron Deibert wrote in the blog post. "We did not have access to any devices, and do not have any information on specific victims."
Citizen Lab is known as one of the leading research groups on mercenary spyware within the cybersecurity industry.
The hacking activity connected to the British prime minister's office was investigated by the UK National Cyber Security Centre, where technicians tested multiple phones to find malware, according to a New Yorker article about NSO Group also published, but the findings were inconclusive.
Pegasus was previously reported to have been used to monitor French President Emmanuel Macron and the associates of journalist Jamal Khashoggi, potentially facilitating his killing.
The NSO Group denied it, according to the New Yorker, saying: "Our technology was not associated in any way with the heinous murder."
Apple has also sued the group, seeking a permanent ban to "prevent further abuse and harm to its users".
At the time Apple's head of security engineering and architecture. Ivan Krstić, said it was unacceptable in a free society "to weaponise powerful state-sponsored spyware against those who seek to make the world a better place".
"We will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group."
The Cupertino-based company said it will donate US$10 million and all damages received from the lawsuit to help organisation with cybersurveillance advocacy and research.
Reuters / Newshub
