Digital rights watchdog group Citizen Lab said on Monday it had warned British officials that electronic devices connected to government networks, including some inside the prime minister's office and foreign ministry, appeared to be infected with Israeli-made spy software.

The spy software is known as Pegasus, a product of Israeli cyberarms dealer NSO Group, according to a blog post published by Citizen Lab.

"We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," the blog post reads.

An NSO spokesperson said the allegations are "false and could not be related to NSO products for technological and contractual reasons."

A British government spokesperson said "we do not routinely comment on security matters."

Citizen Lab said it believed the targeting connected to the prime minister's office was done by NSO clients in the United Arab Emirates while the British foreign ministry hacking came from other countries, including Cyprus, Jordan and India.

Government spokespeople for the United Arab Emirates, Jordan, India and Cyprus did not immediately respond to requests for comment.

Pegasus can be used to remotely break into iPhones, giving clients deep access into a targeted phone's memory or turning them into recording devices.

Citizen Lab found evidence of the compromised UK devices by monitoring internet traffic and other digital signals to spy servers that control Pegasus for various NSO clients.

"We identified infections emanating from those UK networks based on a variety of network scanning methods we use, and notified the relevant UK authorities of our suspicions at the time for them to follow up," Citizen Lab Director Ron Deibert wrote in the blog post. "We did not have access to any devices, and do not have any information on specific victims."

Citizen Lab is known as one of the leading research groups on mercenary spyware within the cybersecurity industry.

The hacking activity connected to the British prime minister's office was investigated by the UK National Cyber Security Centre, where technicians tested multiple phones to find malware, according to a New Yorker article about NSO Group also published on Monday, but the findings were inconclusive.

© Copyright Thomson Reuters 2022. All rights reserved.

10 Downing Street
A general view of 10 Downing Street in London, Britain, April 12, 2022. Photo: Reuters / HENRY NICHOLLS
Hacking Cybercrime