Amnesty International disclosed on Thursday that two investigative journalists from Serbia fell victim to targeted spyware attacks utilizing NSO Group’s Pegasus software. The journalists, affiliated with the Balkan Investigative Reporting Network (BIRN), were reportedly subjected to spyware last month through messages sent on the Viber messaging app.
The journalists, known by the pseudonyms Bogdana and Jelena Veljkovic, received suspicious messages from an unidentified Serbian number linked to Telekom Srbija, the state telecommunications operator. These messages contained links to a domain later confirmed by Amnesty International to be associated with Pegasus spyware.
Upon sensing something amiss, the journalists sought assistance from Amnesty International’s Security Lab, which examined their devices forensically. The lab affirmed that their smartphones had indeed been targeted with Pegasus spyware. Notably, unlike the typical infection method of requiring a click on a link, this attack employed a one-click infection method, necessitating the journalists to click on the malicious link for the spyware to activate.
This incident is part of a troubling trend of digital surveillance in Serbia, as noted by Amnesty International. It marks the third known instance in two years of Pegasus spyware being used against Serbian civil society members. Previous attacks targeted activists and high-profile figures associated with protest movements, underscoring the ongoing use of intrusive surveillance tools to monitor and intimidate individuals in the country.
Pegasus, developed by the Israeli company NSO Group, stands out as a highly sophisticated commercial spyware tool that allows attackers to gain remote access to a target’s smartphone. This access enables complete control over calls, messages, photos, and even the device’s microphone and camera. Despite NSO Group’s claims of selling the technology exclusively to vetted government entities for combating terrorism and crime, investigations have consistently revealed its misuse against journalists, activists, and political adversaries on a global scale.
In response to Amnesty International’s revelation, NSO Group maintained that all system sales are made to vetted government end-users. However, the persistent use of Pegasus in Serbia suggests state involvement in these attacks.
The journalists impacted by the spyware attack expressed apprehension about the implications. Bogdana, engaged in a sensitive report on foreign investments and corruption at the time, felt violated upon discovering her compromised phone. Jelena Veljkovic, although avoiding clicking on the malicious link, felt unsettled by the targeting. Both journalists view the attack as an effort to quash investigative reporting in Serbia.
Serbia has come under scrutiny for its escalating repression of journalists, activists, and protestors. Recent anti-government demonstrations in Belgrade laid bare tensions between civil society and authorities, with allegations of illegal surveillance and use of sonic weapons surfacing. Additionally, revelations of Serbian authorities employing Cellebrite software to unlock and install spyware on civilians’ phones point to an expanding state surveillance apparatus.
Amidst these challenges, organizations like BIRN continue to face threats, harassment, and legal actions, including Strategic Lawsuits Against Public Participation (SLAPPs) from government officials. The urgent need for accountability and action to safeguard press freedom, human rights, and democracy looms large until concrete measures are taken against those perpetrating digital surveillance on journalists and activists.