Critics of Serbia’s government targeted with ‘military-grade spyware’
Critics of Serbia’s nationalist government who have documented the country’s endemic corruption were targeted with military-grade spyware earlier this year, according to new findings by security researchers.
The attempted hacking of two Serbian pro-democracy activists – who have asked not to be named to protect their safety – was ultimately not successful because both individuals’ Apple iPhones had been updated with the latest iOS software, which the researchers said protected the devices from being infiltrated.
The individuals were first alerted to the attempted hack by Apple, which sent both an alert that they may have been targeted by a state-sponsored actor. The warning was later confirmed after investigations by researchers at Access Now, the Share Foundation in Serbia, the Citizen Lab at the Munk School at the University of Toronto, and Amnesty International.
The findings come just months after researchers revealed that Russian journalists who are critical of Vladimir Putin and living in the European Union had also been targeted with spyware. The Council of Europe and the European parliament have sought to advance policies that would curb the use of spyware, but the emergence of new cases inside the bloc points to an apparent willingness by some European governments to continue to use spyware to suppress and intimidate political critics.
Natalia Krapiva, the tech-legal counsel at Access Now, said: “These findings are extremely worrying for the rule of law and democracy in Serbia. Uncontrolled use of commercial spyware is poison not only for human rights, but also security and democratic institutions in any country.”
The researchers found that the Serbians had been targeted about a minute apart from each other on or about 16 August 2023. Access Now and Citizen Lab discovered traces of the attempted attack, which sought to take advantage of a possible vulnerability in iPhone’s HomeKit application.
The researchers said use of the technical vulnerability was “consistent” with those previously used by states improperly using one of the world’s