Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland tar...
1 of 3
https://www.accessnow.org/publication/civil-society-in-exile-pegasus/
Exiled, then spied on: Civil society in Latvia,
Lithuania, and Poland targeted with Pegasus spyware
- Access Now
Natalia Krapiva @natynettle
// What we found
Following last year’s joint investigation into the use of NSO Group’s Pegasus spyware against
Galina Timchenko, co-founder, CEO, and publisher of Meduza, Access Now, the Citizen Lab at
the Munk School of Global Affairs & Public Policy at the University of Toronto (“the
Citizen Lab”), and independent digital security expert Nikolai Kvantiliani have uncovered how at
least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have
been targeted with NSO Group’s Pegasus spyware within the EU.
// Who was targeted
One victim, who has chosen to remain anonymous, is a member of Belarusian civil society
currently based in Vilnius, Lithuania. After receiving an Apple threat notification on June
22, 2023, that their device had been targeted with a state-sponsored attack, they reached out to the
Citizen Lab for digital security support, who analyzed the device and confirmed that it was
infected with Pegasus spyware on or around March 25, 2021. This date, “Freedom Day” (Dzień
Voli), is a significant one, as it commemorates the Belarusian Democratic Republic’s 1918
declaration of independence. Freedom Day celebrations have historically been suppressed by
Belarusian officials.
Another Russian journalist living in exile in Vilnius since Russia’s full-scale invasion of
Ukraine, and who has also chosen to remain anonymous, received two Apple threat notifications on
October 31, 2023, and on April 10, 2024. Access Now’s Digital Security Helpline, with the
technical confirmation of the Citizen Lab, identified an attempt to infect the journalist’s
device on or around June 15, 2023. On June 16, the journalist attended an event in Riga, Latvia, for
Russian journalists in exile, which was organized by the Baltic Center for Media Excellence
(BCME), DW Academy, and Sustainability Foundation. This event highlighted the ongoing
vulnerabilities faced by media professionals in the region, underscoring the critical need for robust
digital security measures. There were also other significant circumstances surrounding the June 15
hacking attempt that the journalist decided to keep private at this time due to personal safety
concerns.
Three additional victims, all based in Riga, Latvia, received Apple threat notifications. Access
Now’s Digital Security Helpline analyzed their devices, with the Citizen Lab reviewing our results:
• Evgeny Erlikh, an Israeli-Russian journalist and the author and former producer of Baltic
Weekly, on Current Time, RFE RL’s 24/7 Russian-language TV network. Our analysis
showed that Erlikh’s iPhone was infected with Pegasus spyware between November 28 and
29, 2022. At the time, Erlikh was vacationing in Austria with his spouse, who also received an
Apple threat notification, but we were unable to forensically analyze her phone.
7/5/2024, 3:46 PM