Image of three journalists spliced together.
CPJ is deeply troubled by a May 30, 2024, report by Access Now and Citizen Lab alleging that Pegasus spyware was used to surveil at least five journalists, including Poland-based exiled Belarusian journalist Natalya Radina (left), Latvia-based exiled Russian journalist Maria Epifanova (center), and Latvia-based exiled Israeli-Russian journalist Evgeniy Erlich (right). (Photos: Muzaffar Suleymanov/CPJ, Epifanova, Erlich)

Pegasus spyware targeted exiled journalists from Russia, Latvia, Belarus, report finds

New York, May 30, 2024—The Committee to Protect Journalists is deeply troubled by a Thursday report by rights group Access Now and research organization Citizen Lab alleging that Pegasus spyware was used to surveil at least five journalists.

The report, “Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware,” identified at least seven people whose devices were targeted between 2020 and 2023 by Pegasus, a form of zero-click spyware produced by the Israeli company NSO Group.

“Today’s report raises major concerns about the use of spyware against journalists and shows once again that the press is among the main targets of Pegasus spyware,” said Gulnoza Said, CPJ’s Europe and Central Asia program coordinator. “Journalists should not be spied on, and these new attacks mean that governments urgently need to implement an immediate moratorium on the development, sale, and use of spyware technologies.”

The targets included four named journalists and one Lithuania-based exiled Russian journalist whose device was targeted in June 2023 around an event in Riga, Latvia, and who requested to remain anonymous. The report describes the following attacks on the four named journalists:

  • Latvia-based exiled Russian journalist Maria Epifanova’s device was infected in August 2020, “the earliest known use of Pegasus to target Russian civil society,” the report said. Epifanova is the CEO of independent news outlet Novaya Gazeta Europe, which Russian authorities outlawed as “undesirable” in June 2023. The report said the infection occurred when Epifanova was chief editor of Novaya Gazeta Baltija — which covers Latvia, Lithuania, and Estonia — and “shortly after she received accreditation to attend exiled Belarusian democratic opposition leader Sviatlana Tsikhanouskaya’s first press conference in Vilnius,” the capital of Lithuania.  

“Regardless of who is behind this attack, invasion in private life is unacceptable. I am now working with a lawyer to decide on the next steps and will do my best to bring more light onto my own case and cases of my colleagues,” Epifanova told CPJ.

  • Latvia-based exiled Israeli-Russian journalist Evgeniy Erlich’s device was infected in late November 2022 while on vacation in Austria, the report said. Erlich, an independent producer, has worked with various media outlets, including broadcaster Current Time TV and Votvot, an on-demand Russian-language streaming platform. Both outlets are affiliated with the U.S. Congress-funded broadcaster Radio Free Europe/Radio Liberty (RFE/RL).

Erlich told CPJ that “we will most likely never know” who ordered the attacks.

  • Latvian journalist Evgeniy Pavlov’s device was targeted in November 2022 and April 2023. Pavlov, a former correspondent with Novaya Gazeta Baltija and a freelance journalist for Current Time TV’s “Baltija” program, told CPJ that he was in Latvia at both times. Access Now was unable to confirm if the attempts were successful.

“If the intelligence services of any country can interfere with the activities of journalists in this way, it poses a very great threat to free and safe journalism. And to free speech in general,” Pavlov told CPJ.

“My phone was illegally tapped in Belarus, where I was persecuted for political reasons, prosecuted, and imprisoned by the KGB [Belarusian national security service],” Radina told CPJ. “I know that…my absolutely legal journalistic activity can be of interest only to Belarusian and Russian special services, and I am only afraid of the possible cooperation in this matter of the present operators, whoever they are, with the KGB or the FSB [Russian Federal Security Service].”

In an email response to CPJ, the vice president of global communications for NSO group, Gil Lainer, maintained that the organization complies with all laws and regulations, emphasizing that it only sells to vetted intelligence and law enforcement agencies, and to allies of Israel and the United States. Lainer added that NSO group investigates all credible claims of misuse, adding that a number of investigations resulted in the suspension or termination of accounts.

A 2022 CPJ special report noted that the development of high-tech “zero-click” spyware like Pegasus — the kind that takes over a phone without a user’s knowledge or interaction — poses an existential crisis for journalism and the future of press freedom around the world. The report included CPJ’s recommendations to protect journalists and their sources from the abuse of the technology and called for an immediate moratorium on exporting this technology to countries with poor human rights records.

CPJ has also joined other rights groups in calling for immediate action to stop spyware threatening press freedom.

In September 2023, an investigation released by Access Now and Citizen Lab revealed that the phone of Galina Timchenko, the head of independent Russian-language news website Meduza, who has lived in Latvia since 2014, was infected by Pegasus while she was in Germany in February 2023.

The next day, Epifanova, Pavlov, and Erlich said Apple had notified them that their phone could have been targeted by hacker attacks.