Pegasus spyware is detected in a war zone for the first time

Featured Sponsor

Store	Link	Sample Product
UK Artful Impressions	Premiere Etsy Store

On November 10, 2021, Varuzhan Geghamyan, an assistant professor at Yerevan State University in Armenia, received a notification from Apple on his phone. His device had been compromised by Pegasus, a sophisticated piece of spyware created by the Israeli group NSO that has been used by governments to spy on and suppress journalists, activists and civil society groups. But Geghamyan was puzzled as to why he had been targeted.

“At the time, I was giving public lectures and giving comments, appearing in local and state media,” he says. She was mainly speaking about the ongoing conflict in Nagorno-Karabakh, a disputed territory that is internationally recognized as part of Azerbaijan but has sought independence, backed by Armenia.

in a joint investigation According to Access Now, Citizen Lab, Amnesty International, CyberHub-AM and independent security researcher Ruben Muradyan, the team concluded that Geghamyan was one of 13 Armenian public officials, including journalists, former government employees and at least one official from the United Nations, whose phones were attacked by elite spyware. Amnesty’s investigation previously found that more than 1,000 Azerbaijanis were also included in a leaked list of possible Pegasus targets. Five of them were confirmed to have been hacked.

“It was the first time we documented the use of spyware in a war like this,” says Natalia Krapiva, technology legal adviser at Access Now. With it comes a host of complications.

NSO Group did not provide attributable comment in time for publication.

Nagorno-Karabakh has been the scene of continuous violent clashes between Armenia and Azerbaijan since the fall of the Soviet Union. But in September 2020, these escalated into an all-out war that lasted for about six weeks and left more than 5,000 people killed. Despite a ceasefire agreement, fighting continued until 2021.

In 2022, Human Rights Watch documented war crimes against Armenian prisoners of war, and the region has suffered enormous blocking that has left tens of thousands of people without basic necessities. The researchers found that most spyware victims were infected during and after the war.

“Most of the people attacked were people working on issues related to human rights violations,” says Donncha Ó Cearbhaill, director of Amnesty International’s Security Laboratory.

While investigators were unable to conclusively determine who was behind the surveillance, NSO Group has historically saying that it only licenses its products to governments, particularly law enforcement and intelligence agencies. previous reports has found that Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, Togo and the United Arab Emirates were all potential clients of NSO Group. In 2022, the company saying it would no longer sell to non-NATO countries.

A Pegasus infection is a “zero click” attack, which means that the victim does not need to open a suspicious email or click on a bad link. “There is no behavior that would have protected these people from this spyware,” says John Scott-Railton, principal investigator at Citizen Lab.

Although Pegasus has historically been used by government officials against their own populations, particularly activists and journalists, the company has therefore been the target of international scrutiny, Scott-Railton says that cross-border use in conflict is of particular concern. “NSO always says: ‘We sell our stuff to fight crime and terror’, obviously this suggests that the reality goes further,” he says.