Security experts report that two advocates for democracy faced attempted hacking believed to be orchestrated by a state entity.
Security researchers have uncovered new evidence indicating that critics of Serbia’s nationalist government, who have meticulously documented widespread corruption in the country, were subjected to an attempt of infiltration using military-grade spyware earlier this year.
The targeted hacking aimed at two pro-democracy activists in Serbia, who, for their safety, have chosen to remain anonymous. Fortunately, the hacking attempt proved unsuccessful as both individuals had diligently updated their Apple iPhones with the latest iOS software, providing a robust defense against infiltration, as noted by the researchers.
Apple was the first to alert the individuals about the attempted hack, issuing warnings that they may have been targeted by a state-sponsored actor. Subsequent investigations by security experts from Access Now, the Share Foundation in Serbia, the Citizen Lab at the Munk School at the University of Toronto, and Amnesty International confirmed the validity of the alerts.
The revelations follow recent disclosures by researchers that Russian journalists critical of Vladimir Putin, residing within the European Union, had also fallen victim to spyware attacks. Despite efforts by the Council of Europe and the European Parliament to promote policies curtailing spyware usage, the emergence of new cases within the bloc suggests a possible inclination by some European governments to persist in utilizing spyware as a means to suppress and intimidate political dissent.
Natalia Krapiva, the tech-legal counsel at Access Now, expressed deep concern, stating, “These findings pose a serious threat to the rule of law and democracy in Serbia. The unbridled use of commercial spyware not only undermines human rights but also jeopardizes security and democratic institutions in any country.”
The researchers discovered that the Serbian activists were targeted within a minute of each other around August 16, 2023. Access Now and Citizen Lab identified traces of the attempted attack, which aimed to exploit a potential vulnerability in the iPhone’s HomeKit application.
The researchers noted that the utilization of this technical vulnerability was “consistent” with methods previously associated with states employing one of the world’s most sophisticated cyber weapons, known as Pegasus, supplied by Israel’s NSO Group. When successfully deployed, Pegasus can effectively take control of a mobile phone, transforming it into a portable listening device. Additionally, it can access encrypted applications, view a user’s photographs, and read messages.
One individual, claiming to be a target of the hacking attempt, shared with The Guardian that their work primarily involves critiquing Serbia’s “autocratic regime,” highlighting the country’s pervasive corruption, and scrutinizing the current government’s pro-Russian foreign policy, which diverges from the EU stance on issues like sanctions against Moscow.
According to the interviewee, the attempted hacking seemed to be a deliberate effort to intimidate or undermine their work, possibly aimed at uncovering compromising information. Both targeted individuals believed that the hacking attempts could also be linked to their advocacy for official inquiries into the government’s handling of a mass shooting that resulted in the deaths of 17 people, including children, the previous summer.
In the aftermath of the shooting, widespread protests ensued, with demonstrators condemning the populist president Aleksandar Vučić, whom they accused of fostering divisions within the country that some asserted contributed to the tragic event.
