Pegasus spyware, which is often used against journalists and the opposition, has been found in 45 countries, possibly including the UK.

Cyber security researchers have found evidence that a piece of malware dubiously referred to as ‘lawful intercept’ software has been deployed against victims in 45 countries.

The malware, known as Pegasus, was created by Israeli cyber-security firm NSO and has been around for at least three years; it was first detailed in a report over the summer of 2016.

Researchers scanned the internet between 2016 and 2018, looking for servers associated with Pegasus.

“The number of Pegasus servers we detected in our scans ballooned from about 200 in 2016 to almost 600 in 2018. This may be an indication that NSO Group is scaling up their operations,” Bill Marczak, senior research fellow at The Citizen Lab and one of the researchers on the team, told the security news website Threatpost.

Pegasus is modular malware. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target’s life.

The company that created the spyware, NSO Group, state that they provide “authorized governments with technology that helps them combat terror and crime”.

Researchers found that the spyware was used by governments to spy on journalists, human rights defenders, opposition politicians, lawyers, and anti-corruption advocates.

The researchers found suspected NSO Pegasus infections associated with 33 of the 36 Pegasus operators.

“We identified in 45 countries: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia. As our findings are based on country-level geolocation of DNS servers, factors such as VPNs and satellite Internet teleport locations can introduce inaccuracies.”

The data published by Citizen Lab reveals the existence of 36 different groups who deployed the Pegasus spyware against targets located in 45 countries. The surprising part is that this list includes the US, France, Canada, Switzerland, and the UK, countries known to have democratic governments in place.

Citizen Lab says ten of these 36 groups appear to be conducting surveillance in multiple countries and have not limited their spying inside their own country’s borders, an act that may violate surveillance laws active in the states where Pegasus victims may be located.

3 COMMENTS

  1. Is anybody surprised by this? I wonder what the political response would have been if it was a Russian rather than an Israeli company behind this.

    • Steven wrote:
      “Anybody surprised by this? I wonder what the political response would have been if it was a Russian rather than an Israeli company behind this.”

      A little more clarity is afforded by this article on the use of the spyware:

      “Lawful intercept” Pegasus spyware found deployed in 45 countries
      At least ten operators of Pegasus spyware have deployed the malware outside their country’s border, new Citizen Lab report finds.

      Security researchers have found evidence that a piece of malware peddled as “lawful intercept” software to government agencies has been deployed against victims located in 45 countries, a number that far outweighs the number of known operators, meaning that some of them are conducting illegal cross-border surveillance. The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years – when it was first detailed in a report over the summer of 2016.

      The malware can operate on both Android and iOS devices, albeit it’s been mostly spotted in campaigns targeting iPhone users primarily. On infected devices, Pegasus is a powerful spyware that can do many things, such as record conversations, steal private messages, exfiltrate photos, and much much more. During the past three years, security researchers from Citizen Lab, a laboratory at the Munk School of Global Affairs at the University of Toronto, Canada, have been tracking cases where Pegasus has been deployed in the wild.

      In many instances, the spyware was used by oppressive government regimes to spy on journalists, human rights defenders, opposition politicians, lawyers, and anti-corruption advocates.

      https://www.zdnet.com/article/lawful-intercept-pegasus-spyware-found-deployed-in-45-countries/
