THE MINISTRY for Foreign Affairs on Friday revealed it has for months now investigated cases of cyber-espionage targeted at Finnish diplomats working abroad.

The espionage was carried out by means of Pegasus, a spyware developed, marketed and licensed by Israel’s NSO Group. The highly sophisticated software infiltrates smartphones typically through so-called zero-click attacks by exploiting zero-day vulnerabilities in the operating system.

The spyware is capable of obtaining root privileges on the infected device and, in theory, of harvesting and sending any data to the attacker.

Matti Parviainen, the director of data security at the Ministry for Foreign Affairs, told Helsingin Sanomat that the investigators have been able to estimate when the spyware was used actively but stopped short of commenting further on the time of the attacks. No details have been provided regarding the number, position and geographical location of the diplomats whose phones were compromised.

“I could describe the espionage as relatively long-running,” he replied when asked if the espionage occurred over months or years.

Instructions of the Ministry for Foreign Affairs state that phones should be only used to handle information that is either public or of the lowest classification level. Even the disclosure of information of the lowest classification level, though, causes immediate harm to the interests of Finland, said Parviainen.

“We have to start with the assumption that the party that succeeded in installing the malware has obtained information we didn’t want to publish or hand over to the party,” he summed up.

“I’m not going to estimate the ramifications. It’s perfectly clear that we’ll have to take into account in our readiness and decision-making that some information related to things like preparing our positions has fallen into wrong hands.”

Pegasus has been used to infiltrate the phones of numerous activists, journalists, politicians and researchers around the world, according to a series of reports published by a group of investigative journalists in mid-2021. The spyware, they revealed, has been used at least by Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and United Arab Emirates.

Parviainen on Friday declined to comment on whether the party behind the cyber-espionage has been identified, adding that determining the attacker is not even the ministry’s responsibility.

“I’m referring to the own reports of NSO Group, according to which the product in question is sold to state-level actors. I won’t characterise anything that’s related to countries in any more detail,” he said.

Aleksi Teivainen – HT