NSO Group Pegasus Spyware Aims at Finnish Diplomats

Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.

The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials.

They also said the infections were of the zero-click variety.

“The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part,” Finland’s Ministry for Foreign Affairs announced.  “Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.”

Infosec Insiders Newsletter

The disclosure said the espionage campaign was shut down and that the case was being investigated throughout the “autumn and winter 2021-2022.”

Although Finnish diplomatic communications conducted over mobile devices are usually not of the highest sensitivity, the Ministry added, the compromise is something the government is taking seriously.

“Information transmitted by telephone is public or classified at level 4 at the maximum, which is the lowest level of classified information,” the Ministry said.  “However, it is worth noting that even if information is not directly classified, the information itself and its source may be subject to diplomatic confidentiality.”

The Pegasus, NSO Group Threat

This is precisely the type of scenario that put Israeli company NSO Group in the headlines when it was discovered the company had tools capable of monitoring private WhatsApp messages between journalists and human rights activists during a lawsuit filed by WhatsApp parent company Facebook in Oct. 2019.

Last summer, the Guardian newspaper published a report from journalists who reviewed data leaked from NSO Group that found 50,000 phone numbers they believe were being monitored for their clients, dating back to 2016, including Amnesty International employees, human rights lawyers and more.

NSO Group denies that it peddles malware to governments for spying and that it isn’t helping nations monitor other countries or their citizens. But just last month, the U.S. State Department said it found Pegasus installed on the iPhones of at least nine employees working abroad — echoing the recent Finnish announcement.

NSO said Pegasus doesn’t work on devices in the U.S., but those outside the country could be targeted by the spyware. A Washington Post investigation turned up evidence Pegasus was downloaded on the devices of about a dozen Americans working overseas as journalists, aid workers and diplomats.

Last November, NSO Group was added to the sanctions list by the U.S. Government for creating and selling the dangerous malware.

The latest reports from Finland seem to fit the Pegasus pattern.

Finland Also Targeted With Facebook Messenger Phishing Campaign

Adding to Finland’s cybersecurity woes, the country’s National Cyber Security Centre warned that its citizens were being targeted by a Facebook Messenger phishing scam aimed at tricking users to give up their two-factor authentication codes and phone numbers to hijack their Facebook accounts.

“The best way to protect yourself from this scam is to be wary of Facebook messages from all senders, including people you know,” the Cyber Security center cautioned.

Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.

Suggested articles