NSO's Pegasus spyware used to hack exiled Russian journalist

Galina Timchenko led a media outlet Moscow declared ‘undesirable’

NSO's Pegasus spyware used to hack exiled Russian journalist

An exiled Russian journalist living in Europe was hacked using NSO Group's Pegasus spyware in February - but opinions are split on the culprit.

Galina Timchenko was hacked on or around 10th February while she was based in Berlin, according to a joint investigation by the Citizen Lab and Access Now.

The attack - the first recorded use of spyware against an independent Russian journalist - took place shortly before a meeting in Berlin of the main independent Russian media in exile.

The meeting, organised by Redkollegia, saw delegates talking about the pressure they were under and how to respond to it.

Timchenko told The Guardian the hackers "could have eavesdropped on this meeting" through her.

Israel's NSO Group is a known and controversial spyware maker. An investigation found its most well-known product, Pegasus, in widespread use on devices belonging to journalists, rights activists and other prominent individuals worldwide in 2021.

Pegasus gives the hacker full control over a device - normally a smartphone - including access to files, encrypted apps like WhatsApp and system functions like the camera and microphone.

Since its exposure, former backers and governments have taken punitive action against NSO Group - including Amazon, which shuttered the firm's infrastructure. The Group has gone through two CEOs and made over 100 staff redundant.

However, NSO Group - which is regulated by the Israeli government - is still selling Pegasus to government agencies around the world.

Attribution - always a challenge

Timchenko is convinced that Russia is behind the hack.

"Before this, all the other attacks were from Russia. We've had a number of different attacks and they were all from Russia. So if it swims like a duck, quacks like a duck, it's probably a duck."

Russia would be the most obvious candidate to have attacked Timchenko, who co-founded Meduza: a website with a record of publishing articles criticising the war in Ukraine and investigating the Russian ruling class.

However, researchers are not convinced.

Citizen Lab and Access Now thought it "unlikely" that Russia was a client of NSO Group. In a statement, an NSO spokesperson indicated that the company does not sell to Russia:

"NSO only sells its technologies to allies of the US and Israel and always investigates credible allegations of misuse, taking prompt action if warranted."

Several other options have been considered, including Latvia - where Meduza is based - Germany, the Netherlands and Estonia, or Russian allies like Azerbaijan or Kazakhstan.

However, the researchers have not yet drawn any firm conclusions.