Computers used by staffers in the U.K. prime minister's office were infected with NSO Group spyware, according to Citizen Lab.
The academic research lab at the University of Toronto issued a statement Monday confirming a New Yorker report regarding the discovery of Pegasus spyware on a device that was connected to U.K. Prime Minister Boris Johnson's office. According to Citizen Lab, a threat actor based in the United Arab Emirates (UAE) was behind an attack that began with targeted infections on systems used by the British Foreign and Commonwealth Office (FCO) and ended up with compromised systems within the network at the prime minister's office at 10 Downing Street in London.
Citizen Lab director Ronald Deibert said that in 2020 and 2021, its researchers caught wind of suspected Pegasus malware activity on networks operated by the U.K. government. After some investigation, Citizen Lab researchers discovered multiple infections from threat actors in a variety of countries.
"The suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE, India, Cyprus, and Jordan," Deibert said in the statement. "The suspected infection at the UK Prime Minister's Office was associated with a Pegasus operator we link to the UAE."
The attacks might not have been targeting systems on U.K. soil. Deibert said a branch office for the FCO overseas might have been the entry point for the attackers.
"Because the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and Development office (FCDO), have personnel in many countries, the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021," Deibert said.
Developed and operated by the Israel-based NSO Group, Pegasus spyware is pitched as a tool for monitoring organized crime and terrorism, but has gained notoriety for being used by authoritarian regimes to target dissidents, journalists and political opposition both locally and abroad.
Most notably, the Pegasus spyware was connected to the tracking that led to the assassination of journalist Jamal Khashoggi at the hands of the Saudi government.
The U.K. government's infection is just one of multiple Pegasus infiltrations that Citizen Lab has detected recently. The research lab also reported Monday that another Pegasus deployment had been spotted on networks operated by groups in Spain that were advocating independence in the Catalonia region.
According to Citizen Lab, some 65 computers were infected with the spyware, and most were used by local government officials, academics and even European Union representatives who had advocated for autonomy in the region.
"The hacking covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organisations," Citizen Lab reported. "Catalonia's government and elected officials were also extensively targeted, from the highest levels of Catalan government to Members of the European Parliament, legislators, and their staff and family members."