BIRN Serbia journalists targeted with spyware

According to the findings by Amnesty International (AI), two investigative journalists of the online portal BIRN Serbia have been targeted by the Pegasus spyware, developed by the Israeli NSO Group. Jelena Veljković and another journalist who wished to remain anonymous received suspicious Viber messages on 14 February from the same unknown Serbian phone number.

One of the messages contained text and a link in Serbian, which AI’s Security Lab confirmed was associated with Pegasus attacks. Opening the link in a secure environment led to a decoy page mimicking n1info.com, designed to disguise traces of spyware infection.

The tactic of redirecting to a fake N1 website was also used in an attempt to infect the device of a protest leader in Serbia with Pegasus in July 2023, as AI reported last year in December. In response to AI’s inquiry, the NSO Group stated that its systems are sold only to verified government end-users, while Viber’s parent company said it would investigate the case and take measures to protect users if any violations are found.

AI concludes that there is a high likelihood that Serbian state actors or agents acting on their behalf were involved in targeting BIRN journalists with Pegasus spyware. Particularly concerning is the fact that the NSO Group still seemingly allows the use of Pegasus in Serbia, despite previous reports documenting its misuse.

This development is extremely troubling, especially as it follows previous cases of activists and journalists being targeted with spyware, which constitutes a criminal offense. It is essential for institutions to respond and investigate all findings regarding the use of Pegasus and other spyware tools in Serbia.