Finland says it found NSO's Pegasus spyware on diplomats' phones

The Finnish government said today that the telephones of some of its foreign diplomats were infected last year with Pegasus, a spyware strain developed by controversial Israeli surveillance vendor NSO Group.

Finland's Ministry of Foreign Affairs said the hacks were discovered in the autumn and winter of 2021–2022 and that the espionage campaign is no longer active.

Officials said that both Android phones and iPhones were infected but that the devices only stored information classified at "level 4," which they said was their lowest level of classified information.

"However, it is worth noting that even if information is not directly classified, the information itself and its source may be subject to diplomatic confidentiality," the Finnish Ministry of Foreign Affairs said in a press release today.

In a press conference, officials said they are still investigating the hacks to determine who was behind the espionage attempt.

Since launching the Pegasus surveillance platform in the mid-2010s, NSO Group has sold access to tens of governments across the globe.

While the spyware (and its maker) have become famous for repeatedly being found on the devices of human rights activists, dissidents, and journalists in countries with oppressive regimes, a New York Times report published today claimed that one of its past customers might have also been the US Federal Bureau of Investigation.

In addition, today's Finnish revelations come after similar reports of Pegasus being deployed on devices in other European countries, such as Hungary and Poland, suggesting that the Israeli company had a much larger clientele in democratic countries as well.

Reached for comment on the Finnish government's press release today, an NSO Group spokesperson provided the following statement:

NSO Group does not know the facts, but can assure that we will be assisting in any investigation on this issue to determine whether a misuse of our products occurred. If and when a misuse by one of our customers would be found, we will take immediate action, including terminating the customer’s system and contract.

Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.