Skip to main content

Suspected Pegasus spyware infections target UK Prime Minister's Office

Close up of woman's hand using smartphone in the dark
(Image credit: Getty)

Multiple suspected instances of Pegasus spyware infections (opens in new tab) have been detected within official UK networks, according to research by Citizen Lab.

Experts at the Toronto-based research facility found evidence of surveillance software being present on devices associated with the UK Prime Minister’s Office and 10 Downing Street.

However, investigations also found instances of surveillance software on devices linked to the British Foreign and Commonwealth Office (FCDO) in its former incarnation as the Foreign Commonwealth Office (FCO).

“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks,” wrote Citizen Lab’s director Ron Deibert on Monday.

Related: Best identity theft companies (opens in new tab).

Surveillance spyware

Pegasus is spyware that has been developed by the Israeli cyber-arms company NSO Group. It can be used to target mobile phones running iOS and Android software and is frequently called upon by governments to tackle crime and terrorism activities.

The US has already sanctioned NSO Group and UK MPs have urged Prime Minister Boris Johnson to do the same. The spyware producer has previously been sued by Meta, the owner’s of WhatsApp in 2019 for enabling the monitoring of its Android users. Apple subsequently did the same thing some two years later.

The government departments have employees in numerous locations around the world and some of the suspected infections are thought to be related to SIM cards used overseas.  

Researchers suspected the spyware infection associated with 10 Downing Street was linked to a Pegasus operator linked to the United Arab Emirates (UAE). Meanwhile, the FCO spyware links were suspected to be associated with India, Cyprus and Jordan, as well as the UAE.

During their investigations, Citizen Lab also identified more than sixty people with links to Catalan civil society groups in Spain, who had been targeted or infected by the spyware. Others had been targeted with Windows surveillance software from Candiru, which has been developed by another Israeli spyware maker.

While they couldn't attribute the attacks to a specific group the researchers found circumstantial evidence that suggested the involvement of Spanish authorities.

Take a look at the best data recovery software (opens in new tab).

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.