Citizen Lab, a research group affiliated with the University of Toronto, warned the United Kingdom government that electronic devices connected to government networks, including some inside the prime minister's office and foreign ministry, appeared to be infected with Pegasus spy software, the digital rights watchdog group said Monday.
The spy software known as Pegasus is a product of Israeli cyberarms dealer NSO Group, according to a blog post published by Citizen Lab. "We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official U.K. networks," the blog post reads.
An NSO spokesperson said the allegations are "false and could not be related to NSO products for technological and contractual reasons."
A British government spokesperson said "we do not routinely comment on security matters."
Citizen Lab said it believed the targeting connected to the prime minister's office was done by NSO clients in the United Arab Emirates while the British foreign ministry hacking came from other countries, including Cyprus, Jordan and India.
Cyprus authorities "categorically deny" any involvement in the matter, government spokesperson Marios Pelekanos told Reuters.
"However, to avoid any further speculations on a Cyprus link, we note that the Government of the Republic of Cyprus, which enjoys excellent relations with the British Government in all fields, has never been approached with any sort of inquiry on the subject at large by the relevant British authorities," he said in an emailed statement.
Government spokespeople for the United Arab Emirates, Jordan and India did not immediately respond to requests for comment.
Pegasus can be used to remotely break into iPhones, giving clients deep access into a targeted phone's memory or turning them into recording devices.
Citizen Lab found evidence of the compromised U.K. devices by monitoring internet traffic and other digital signals to spy servers that control Pegasus for various NSO clients.
"We identified infections emanating from those U.K. networks based on a variety of network scanning methods we use, and notified the relevant U.K. authorities of our suspicions at the time for them to follow up," Citizen Lab Director Ron Deibert wrote in the blog post. "We did not have access to any devices, and do not have any information on specific victims."
In a separate report also released Monday, Citizen Lab also said a large-scale investigation it had conducted in collaboration with Catalan civil society groups found that at least 65 individuals were targeted or their devices infected with what it calls "mercenary spyware" sold by two Israeli companies, NSO Group and Candiru.
Citizen Lab is known as one of the leading research groups on mercenary spyware within the cybersecurity industry.
The hacking activity connected to the British prime minister's office was investigated by the U.K. National Cyber Security Centre, where technicians tested multiple phones to find malware, according to a New Yorker article about NSO Group also published on Monday, but the findings were inconclusive.