Phones of journalists and activists in Europe targeted with Pegasus

The notorious Israeli spyware was used to target journalists often working in exile from their authoritarian home countries, report finds. 
A woman passes by flags of the European Union outside the European commission headquarters in Brussels, on May 23, 2024, ahead of the upcoming European Parliament elections. (Photo by Kenzo TRIBOUILLARD / AFP / Getty Images)

At least seven journalists and activists based in Europe were targeted with NSO Group’s Pegasus spyware between August 2020 and late June 2023, according to a new investigation that underscores the continuing threat that advanced spyware poses to writers and dissidents. 

The new investigation — carried out by the human rights organizations Access Now, the Citizen Lab at the University of Toronto and the independent researcher Nikolai Kvantaliani — finds that  Russian, Belarusian, Latvian and Israeli journalists and activists, several of whom are living in Europe in exile, were targeted by the notorious Pegasus spyware tool beginning as early as 2020, with additional attacks following Russia’s invasion of Ukraine in 2022. 

The findings follow a September 2023 joint investigation carried out by the two organizations that revealed that the notorious Pegasus spyware was used to target Galina Timchenko, the CEO of Meduza, the crusading media outlet based in Latvia that covers Russian affairs. 

While the investigation could not determine who was behind the newly uncovered attacks, the report’s authors argue that it underscores the need for more aggressive action as members of European civil society continue to be targeted by spyware even as policymakers have pledged to crack down on the technology. 


The authors urge “all governments to establish an immediate moratorium on the export, sale, transfer, servicing, and use of targeted digital surveillance technologies until rigorous human rights safeguards are put in place to regulate such practices, and to ban the use of spyware technologies such as Pegasus that have a history of enabling human rights abuses.”

The victims in this case include five journalists and two activists. Two chose to remain anonymous, but five others are cited by name in the report: Evgeny Erlikh, a journalist and television producer living in Latvia; Evgeny Pavlov, another journalist in Latvia; Maria Epifanova, the general director of Novaya Gazeta Europe and director of Novaya Gazeta Baltija, its Baltic outlet; Andrei Sannikov, a prominent Belarusian opposition figure and one-time candidate for president; and Natallia Radzina, the editor-in-chief of the independent Belarusian news outlet 

Radzina — whose phone was infected with Pegasus twice in the first week of December 2022 and again in January 2023, according to Access Now — told CyberScoop in an email that she considers the incidents a violation “of privacy, the secrecy of correspondence and telephone conversations.” Radzina said that her phone had previously been tapped in Belarus, where she was politically persecuted by the KGB, Belarus’s national intelligence agency. 

“I know that for many years my absolutely legal journalistic activity can only be of interest to the Belarusian and Russian special services,” Radzina said, adding that the only thing that scares her about the newly uncovered targeting is that whoever is behind it might be cooperating with Belarus’s KGB or Russia’s FSB. 

The Latvian journalist Pavlov told CyberScoop in an email this week that he was “surprised” to have been targeted, as his “journalistic work in Latvia is legal and transparent.” The only logical reason his phone was targeted, he speculated, was that he works with foreign media. Access Now determined his phone was targeted on or around Nov. 28, 2022 and again on April 24, 2023, but it’s not clear whether the attack was successful. 


“I don’t know to whom I am of interest, but if the intelligence services of any country can interfere in the activities of journalists in this way, then this poses a very big threat to free and safe journalism,” he said.

Erlikh’s phone was targeted between Nov. 28 and 29, 2022, according to Access Now. His wife was also notified by Apple of an attempted attack, according to the report, but investigators  were unable to analyze her phone. 

“Who exactly is watching us? I don’t have a clear answer,” he said in an email, but guessed it could be Latvian or Russian security services. “For the Kremlin, I am an emigrant journalist who left Russia and now collaborates with American media and criticizes Putin’s policies. For Latvia — I am a Russian journalist who now lives in Latvia, and in my programs sometimes criticizes the actions of Latvian politicians. But in fact, I am a citizen of Israel.”

Epifanova, whose phone was targeted in August 2020, told CyberScoop in a phone call that she’s not sure who would have been behind the operation. Even if the Russian government was interested in her journalistic work, it’s unlikely that their security services conducted the targeting, she said. Instead, Epifanova theorized that it might have been the Latvian government — given that she’s a Russian living in Latvia, her news outlet was reporting for local audiences and the complicated relationship between the Russian government and the Baltic states.

“It happens from time to time that Russian journalists in the Baltic countries are being accused of working for the Russian special services,” Epifanova said. “They could have had interest in me and they could have checked me.” 


Nevertheless, the targeting represents an invasion of privacy. She plans to petition the Latvian security services for clarification. 

“If it’s not Latvia who is behind the case, then Latvia should at least be worried that other agencies of other countries are operating on its territory,” she said. “So if it’s somebody else, then, well, it’s also worrying.” 

She added that she’s not “that naive to think that they would provide me all the information they have. And probably I wouldn’t get any answers ever. But still, I believe it’s worth trying once.”

The Latvian Embassy in Washington, D.C. did not respond to a request for comment.

Europe has become a focal point in the battle against mercenary spyware in recent years after a string of instances in which European politicians, journalists and civil society have been targeted by the technology.  


Although the European Union has a reputation for strong technology regulations, activists are growing increasingly frustrated with what they view as a far too laissez-faire approach to spyware rules. 

“I’ve watched European inaction on mercenary spyware with puzzled wonderment,” said John Scott-Railton, a researcher at Citizen Lab. “Given the number of scandals and revelations of human rights abuses and national security breaches, Europe is fast becoming a leader in spyware crises.” 

Scott-Railton said he’s encouraged by growing momentum behind efforts to reckon with spyware abuses, including in Poland, where the newly elected government is taking a close look at how its predecessor used the technology to spy on its rivals. 

One reason why EU authorities have not taken stronger action is that law enforcement and national security issues are the purview of individual member states within the EU, Krapiva, one of the report’s authors, told CyberScoop ahead of the report’s release. 

“States don’t like to be hacked but they want to reserve the right to hack themselves. So states like Spain, and even France, for example, have been active in watering down regulation (e.g., European Media Freedom Act that was supposed to protect journalists from spyware),” she wrote in an online chat. 


In 2022, the European Parliament established the PEGA Committee to investigate spyware abuses and the “maladministration” of EU laws related to spyware. Following a year-long inquiry, the committee documented what it called “systemic issues” in Poland and Hungary, expressed “concerns” over spyware use in Greece and Spain and said stronger regulations were needed. 

PEGA Committee Chair Jeroen Lenaers told CyberScoop in a statement that the committee “strongly condemns the use of spyware by Member State governments” and that action at the union level is “indispensable.” 

But Lenaers said that a moratorium or ban on spyware use is not the “right solution,” as such tools can be “very useful” to tackle serious crime “when used in a legal manner.” He added that it is crucial to set up effective democratic and judicial oversight mechanisms for spyware use and to create legal remedies for individuals whose rights have been violated by the use of spyware.  

Lenaers said that despite his committee’s clear recommendations and multiple attempts to target high-level EU officials using spyware, the EU Commission “is still clearly lacking any sense of urgency” and “continues to refuse to implement any of our recommendations.”

“This is a disgrace [that] enables the abuse of spyware and the unlawful targeting of innocent journalists and activists to continue,” Lenaers said.


Sophie In ‘t Veld, a Dutch member of the committee, said after the report was released in March 2023 that “not one government has really been held accountable.” Ahead of Access Now’s report release this week, she told CyberScoop in a statement that spyware abuse in Europe “is out of hand,” and pointed to a continued lack of action. 

“Whereas the U.S. has the federal government as acting sheriff, the EU has become a kind of lawless wild west, with no-one keeping order,” she said. “The European Commission is playing a very dangerous game, by consciously not upholding the laws that are broken by EU member state governments, when they use commercial spyware. The Commission wrongly feels like it should not infringe on the freedom of member state governments to use these tools. It can act, or at least try, but chooses not to do so for political expediency.”

The EU Commission did not immediately respond to a request for comment. 

Latest Podcasts