On September 14, 2023, it was revealed that the iPhone of Galina Timchenko, a well-known Russian journalist and government critic, had been compromised with NSO Group's Pegasus spyware. This information comes from a joint investigation conducted by Access Now and the Citizen Lab.

The infiltration is believed to have occurred around February 10, 2023. Timchenko is the editor-in-chief and owner of Meduza, an independent news publication based in Latvia. The source of the malware is currently unknown.

According to The Washington Post, the Russian government is not a customer of NSO Group, as stated by an anonymous individual familiar with the company's activities.

The Citizen Lab stated, "During the infection, her device was located in the GMT+1 time zone, and she reports she was in Berlin, Germany. The day after the infection, she was scheduled to attend a private meeting with other heads of Russia's independent media exiled in Europe to discuss how to deal with the Putin regime's threats and censorship."

The breach was made possible by a zero-click exploit called PWNYOURHOME, which was discovered in April 2023. This exploit combines HomeKit and iOS's iMessage to bypass BlastDoor protections.

Timchenko received a threat notification from Apple on June 23, 2023, warning that her iPhone may have been targeted by state-sponsored attackers. This is the first documented case of Pegasus spyware being placed on a Russian target's phone.

Pegasus, developed by NSO Group based in Israel, is a powerful spy tool that can gather sensitive information from infected devices. It can be remotely installed without the user taking any action, making it a zero-click exploit. Although Pegasus is supposedly licensed to governments and law enforcement agencies to combat serious crime, it has been widely misused to spy on members of civil society.

Upcoming Webinar: Identity is the New Endpoint: Mastering SaaS Security in the Modern Era

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Discover why identity is the new endpoint. Secure your spot now. Boost your skills.

The Committee to Protect Journalists (CPJ) has emphasized the importance of governments implementing an immediate moratorium on the development, sales, and use of spyware technologies, stating that "journalists and their sources are not free and safe when they are spied on, and this attack on Timchenko underlines the need for governments to impose an immediate moratorium on development, sales and use of spyware technologies."

This news about the spyware infection comes shortly after Apple hurriedly patched two zero-day exploits in iOS that were being used in the wild to distribute Pegasus. Users who face a higher risk of spyware threats are advised to enable Lockdown Mode on their iPhones to mitigate such risks.

If you found this article interesting, follow us on Twitter and LinkedIn to read more exclusive content.