URL: https://therecord.media/meduza-ceo-hacked-pegasus-spyware-russian-journalist
Submission: On September 14 via api from TR — Scanned from DE

Daryna Antoniuk, September 13th, 2023
EXILED RUSSIAN JOURNALIST HAD PHONE HACKED WITH PEGASUS SPYWARE

The phone of a prominent Russian journalist and critic of the Kremlin was
infected with Pegasus spyware, according to new research.

The notorious spying software developed by the Israeli company NSO Group was
reportedly installed on the iPhone of Galina Timchenko, owner of the Russian
independent media outlet Meduza, while she was in Berlin for a private
conference with other Russian independent journalists living in exile. It is the
first documented case of a Pegasus infection targeting a Russian citizen,
according to Access Now, one of the nonprofits that investigated the hack.

The attack took place in February, two weeks after the Russian government
outlawed Meduza for its critical coverage of Vladimir Putin’s regime and the war
in Ukraine, the researchers said.

Meduza relocated its office to Latvia in 2014, and people living in Russia today
can only access its website through a VPN. Meduza markets itself as one of the
few Russian independent media outlets whose coverage remains free from control
or censorship by the Kremlin.

Earlier in June, Timchenko received a notification from Apple that her phone
might be a target for state-sponsored hackers. Timchenko didn't give this
warning much thought, as, according to a Meduza report, the Russian authorities
have been trying to hack or disrupt her newsroom's infrastructure for years.

Yet, Access Now, a nonprofit advocating for digital rights, and the University
of Toronto's Citizen Lab discovered that Timchenko's iPhone had been infected
with Pegasus spyware. This spyware can access calls, messages, and photos,
activate the device's camera and microphone, and track the phone's location.

“I am not sure what those behind the Pegasus hacking could have found on my
device,” Timchenko told Access Now. “I have set very strict boundaries for my
digital and regular life a long time ago.”

Timchenko said she is mainly worried that those who hacked her phone might now
have her contact list, which is especially risky if the attackers were from
Russia, “where any citizen can be persecuted for cooperating with 'undesirable'
organizations.”


WHO'S BEHIND THE HACK?

Pegasus is exclusively sold to government agencies, but the researchers said
they couldn’t determine who was behind the attack. NSO Group did not immediately
respond to a request for comment.

According to Citizen Lab, there's no evidence that the Russian government uses
Pegasus. However, it's possible that countries with ties to Russia, like
Azerbaijan, Kazakhstan, or Uzbekistan, may have hacked Meduza on behalf of the
Kremlin. Additionally, the researchers said Latvia or Germany could have been
involved, as they are respectively where Meduza is located and where Timchenko’s
phone became infected.

Access Now's earlier research uncovered that Pegasus was used to target Armenian
journalists, activists, government officials, and civilians during the war
between Armenia and Azerbaijan in the contested Nagorno-Karabakh region. There
is no evidence of Azerbaijan or Kazakhstan targeting people in Germany, Latvia,
or other E.U. states, according to Citizen Lab.


MEDUZA’S RESPONSE

After confirming the Pegasus infection on Timchenko's phone, Meduza's leadership
held an emergency meeting in its offices. "We were all terrified but pretended
we weren’t," said the head of Meduza's technical division, whose name is being
kept confidential for safety reasons.

Meduza reported that Timchenko tried to "laugh it off," but eventually, she
burst into tears.

“I already felt like I’d been stripped naked in the town square. Like someone
had reached into my pocket. Like I was dirty somehow. I wanted to wash my
hands,” she said.

According to researchers, it's extremely difficult to stop Pegasus from
infecting a targeted device that runs even a single vulnerable application,
including those pre-installed by Apple itself. Citizen Lab's analysis suggests that the
attackers probably got into Timchenko's iPhone through a zero-click exploit in
HomeKit and iMessage. A zero-click exploit allows an attacker to compromise a
device or system without any interaction or action required from the user.

Timchenko had no reason to suspect anything was wrong with her iPhone, except
for moments when it seemed warmer than usual, which she attributed to her new
charger, according to Meduza.

On Wednesday, Meduza’s chief editor, Ivan Kolpakov, released a statement in
Russian, saying that Timchenko's phone hack demonstrates that Russian exiled
journalists “can't feel safe even in Europe.”

“Independent journalists from Russia and other nations might feel trapped,
facing pressure from both their own governments and their formidable security
systems, as well as the intelligence agencies in the countries where they seek
refuge,” Kolpakov said.

According to Kolpakov, Meduza and its reporters are under constant threat from
attackers in both the physical world and the digital space. Since Meduza’s first
days, Russian state-sponsored hackers consistently targeted it with DDoS
attacks, phishing emails, and cyberattacks aimed at its mobile application.

"They intimidate us and try to make us think only about our safety and not about
our work," he said.

DARYNA ANTONIUK



Daryna Antoniuk is a freelance reporter for Recorded Future News based in
Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe
and the state of the cyberwar between Ukraine and Russia. She previously was a
tech reporter for Forbes Ukraine. Her work has also been published at Sifted,
The Kyiv Independent and The Kyiv Post.

© Copyright 2023 | The Record from Recorded Future News