Finnish diplomats’ phones infected with NSO Group Pegasus spyware

Finland’s Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group’s Pegasus spyware in a cyber-espionage campaign.

“Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity,” the Ministry said in a statement published today.

“The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part.”

After compromising the diplomats’ devices, the attackers may have also collected and stolen data or further compromised their smartphones.

The attacks targeted officials from Finnish missions abroad, as discovered following an investigation that started in the autumn of 2021.

While the data transmitted or stored on diplomats’ phones is either public or classified at the lowest level of classified information, the Finnish Ministry for Foreign Affairs says the attackers could still access some info subject to diplomatic confidentiality.

“The Ministry for Foreign Affairs is continually monitoring events and activities in its operating environment and assessing related risks. The Ministry for Foreign Affairs monitors its services and strives to prevent harmful activities,” the Ministry added.

“The preparation of and decisions on foreign and security policy, in particular, are matters that attract much interest, which may also manifest itself as unlawful intelligence. The Ministry responds to the risk by various means, but complete protection against unlawful intelligence is impossible.”

Pegasus spyware also deployed on US officials’ phones

In early December, following an Apple warning sent to their devices, US Department of State employees also found that their iPhones had been hacked with an iOS exploit dubbed ForcedEntry to install Pegasus spyware developed by Israeli surveillance firm NSO Group.

The news of Department of State employees’ phones being hacked came on the heels of the US sanctioning NSO Group and three other entities from Israel, Russia, and Singapore last month for developing spyware and selling hacking tools used by state-backed threat actors.

In early November, Apple also filed a lawsuit against NSO for targeting and spying on Apple users using surveillance technology and tools.

For instance, as Apple revealed in court documents, NSO’s ForcedEntry exploit (also used to hack the US State Dept employees) was used by state hackers to breach Apple devices and install Pegasus spyware, as Citizen Lab revealed in August.

Apple said at the time that it will notify all those targeted with the ForcedEntry exploit in state-sponsored spyware attacks in the future, “in accordance with industry best practices.”