Mobile phones belonging to Finnish diplomats were spied on using the cyber espionage software Pegasus, the country’s foreign ministry said on Friday.
“We can now be clear that there has been spyware in our phones,” the ministry’s head of information security, Matti Parviainen, told AFP.
The infected mobile devices were used by Finnish diplomats posted overseas, although the ministry refused to comment on how many staff were targeted, nor on whether the identity of the cyberattackers is known.
“We have good guesses” about how long the diplomats were spied on, Parviainen said, but the espionage is no longer continuing.
Diplomats’ phones only handle information that is either public or with the lowest security classification, the ministry said, but added “the information and its source may be confidential between diplomats.”
“NSO Group does not know the facts, but can assure that we will be assisting in any investigation on this issue to determine whether a misuse of our products occurred,” the company said in a statement to AFP.
“If and when a misuse by one of our customers would be found, we will take immediate action, including terminating the customer’s system and contract,” it added.
Pegasus, which can switch on a phone’s camera or microphone and harvest its data, was at the centre of a scandal last year after a list was made public of about 50,000 potential surveillance targets worldwide, including journalists, politicians, lawyers and dissidents.
The NSO Group chairman stepped down on Tuesday but denied the move was linked to the controversy around the surveillance software.
US authorities last November blacklisted NSO by restricting exports to it from American groups over allegations the firm “enabled foreign governments to conduct transnational repression.”
The NSO Group has previously told AFP that the Pegasus software is sold “only to legitimate law enforcement agencies who use these systems under warrants to fight criminals, terrorists and corruption.”