The IPI global network today once again calls for an end to the use of spyware against journalists in Europe, following new revelations by NGO Access Now, which found that seven more Russian and Belarusian journalists and activists in exile in Europe had been targeted by Pegasus spyware.

In its statement, Access Now drew up the following list of new victims of Pegasus:

  •   Evgeny Erlikh, a Russian-Israeli journalist and producer for U.S. Congress-funded Radio Free Europe/Radio Liberty (RFE/RL), based in Riga, Latvia.
  •   Evgeny Pavlov, a Russian-speaking Latvian journalist, previously a freelancer with RFE/RL and Novaya Gazeta Baltija (a regional project of Novaya Gazeta Europe, an exiled Russian independent news outlet), also based in Riga.
  •   Maria Epifanova, a Russian journalist who works as the general director of Novaya Gazeta Europe and as the director of Novaya Gazeta Baltija, also based in Riga.
  •   Nataliia Radzina, a Belarusian journalist and editor-in-chief of independent Belarusian news site, based in Warsaw, Poland.
  •   Andrei Sannikau, a Belarusian dissident, political activist and opposition politician who ran for president of Belarus in 2010, currently based in exile in Warsaw.
  •   An anonymous independent Russian journalist, based in Vilnius, Lithuania.
  •   An anonymous Belarusian opposition activist, also based in exile in Vilnius.

While there is no direct link between the victims, all seven of them are active members of Russian and Belarusian civil society based in exile in countries immediately bordering those from which they fled.

“Any surveillance of journalists is a serious violation of media freedom, and more specifically journalists’ right to privacy and to the protection of their sources”, said IPI Head of Europe Advocacy and Programmes Oliver Money-Kyrle.

“Surveillance is especially concerning when it is carried out with the use of advanced spyware whose installation is almost impossible to detect, as is the case of the Pegasus tool developed by NSO group. We call on European governments concerned by the recent revelations to investigate these cases, identify their perpetrators, as well as to put in place strong safeguards preventing the misuse of spyware against journalists.”

Surveillance of independent Russian journalists in Riga

The three Russian independent journalists surveilled with Pegasus spyware whose identities are known are all based in Latvia and are affiliated with two major independent media outlets working for Russian audiences: RFE/RL and Novaya Gazeta Europe. Their phones were all targeted around 28-29 November 2022, with Erlikh’s and Epifanova’s phone successfully infected with Pegasus.

While the motivation appears to be linked to the trio’s activities as independent Russian journalists, it is unclear exactly what information hackers attempted to extract from their phones.

Speaking to IPI, Pavlov explained that he had likely been targeted as he had been in touch with the two other journalists on the list, Erlikh and Epifanova, who were at various times his editors.

“This [surveillance] was, of course, a gross violation of human rights and an intrusion into my private life, even if I don’t know how to fight with this”, Pavlov said.

Erlikh told IPI that while Russia and Belarus are likely to have been behind the spyware,  he didn’t exclude the possibility of other countries’ involvement. “Lithuania, Latvia and Estonia are worried about a potential Russian invasion”, Erlikh said. “They could have wanted to check whether [independent Russian] journalists in Latvia really are journalists and not spies.”

Belarusian dissidents and journalists spied on in Warsaw

The two other known victims, Radzina and Sannikau, are prominent figures in the Belarusian civil society movement through their independent reporting and political activism.

Radzina told IPI that she had approached Access Now for help in late 2023, after receiving  security warnings from Apple that “state-sponsored attackers” may have targeted her phone. There had been at least three attempts to hack the device, but it remained unclear if these were successful.

“It seems logical to me that only the [Belarusian] KGB or the [Russian] FSB could have an interest in this”, Radzina said.

Previous uses of Pegasus and need for protection within EMFA

The new revelations by Access Now follow those made by the NGO in September 2023, when its experts found that Pegasus spyware had been used to target Galina Timchenko, the executive director of Meduza, Russia’s largest independent media outlet in exile. Like Erlikh, Epifanova and Pavlov, Timchenko is based in Latvia.

Based on the timing of the hack, Timchenko has speculated that the spyware could have been used to surveil a closed meeting of independent Russian journalists in Berlin, which took place on February 11, 2023.

In Europe, journalists in Hungary and Greece are also known to have been targeted with Pegasus spyware, in several cases examined in detail within the scope of a recent IPI report .

After multiple scandals, NSO has repeatedly claimed that its spyware technology is sold exclusively to state intelligence and law enforcement authorities for the investigation of serious crimes such as terrorism only.