Hackers used software made by the Israeli spyware company NSO Group to infiltrate the official residence of UK Prime Minister Boris Johnson, the New Yorker reported on Monday.
According to the report, which cited researchers from Toronto-based Citizen Lab, On July 7, 2020, hackers using NSO’s Pegasus spyware tried to hack into a device connected to the network at 10 Downing Street.
A UK government official confirmed the attempted hacking to the New Yorker, but did not confirm that Pegasus was used.
NSO’s Pegasus product allows operators to stealthily invade a target’s mobile device, giving them access to contacts, messages, and movement history.
The company says that Pegasus is sold only to foreign governments after approval by the Defense Ministry as a tool for catching criminals and terrorists. Although it says it has safeguards in place to prevent abuse, it has also acknowledged that it cannot control whom its clients monitor and it does not have access to the information that is collected.
According to the source, the National Cyber Security Centre, which is under the jurisdiction of the British Defense Ministry, investigated several devices at 10 Downing Street, including Johnson’s.
The source said that officials were not able to locate the infected device.
“When we found the No. 10 case, my jaw dropped,” John Scott-Railton, a senior researcher at Citizen Lab, told the New Yorker.
“We suspect this included the exfiltration of data,” Bill Marczak, another senior researcher there, said.
The researchers also showed that based on the servers to which the information was transmitted, it is likely that the UAE was behind the hack.
According to researchers, Pegasus was also suspected of having infected the Foreign Office on at least five occasions between July 2020 and July 2021.
This was linked to operators in the UAE, India, Cyprus, and Jordan.
Responding to the New Yorker article, NSO denied that its software was used in the alleged attack.
NSO Group has faced mounting scrutiny since a consortium of news outlets revealed in July last year that its Pegasus software had been used to spy on the phones of journalists, politicians, activists, or business leaders in many countries.