Finland’s Ministry of Foreign Affairs has reportedly solved a suspected espionage case involving the infamous Pegasus spyware developed by NSO Group.
According to the announcement, unnamed threat actors covertly deployed Pegasus on Finnish diplomats’ phones to harvest state secrets.
“Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity,” reads the notice.
“The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part. Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features,” the ministry says.
The investigation started in the autumn of 2021 and continued into 2022. The start of the investigation – perhaps unsurprisingly – coincided with the widely publicized Pegasus spyware attacks on US State Department employees.
“The case was directed at posted employees working in Finnish missions abroad. The inquiry has enabled to Ministry to determine the timeline of the activities,” according to the announcement.
The campaign is “no longer active,” the ministry says, adding that it does not rule out that the attackers managed to exfiltrate confidential data from the diplomats’ phones.
“The Ministry for Foreign Affairs processes information at different security levels using different methods,” it explains. “Information transmitted by telephone is public or classified at level 4 at the maximum, which is the lowest level of classified information. However, it is worth noting that even if information is not directly classified, the information itself and its source may be subject to diplomatic confidentiality.”
In November, Apple sued NSO Group alleging that the Israeli firm enabled extensive state-sponsored hacking of its iOS devices through Pegasus.
And earlier this month, the US National Counterintelligence and Security Center (NCSC) and the Department of State issued a joint alert warning citizens that threat actors were using zero-click malware to steal data from unsuspecting victims. The advisory didn’t name any specific malware, but checked all the boxes to describe Pegasus.