Researchers detect ‘multiple spyware infections’ of Downing St and FCDO since 2020

Written by Sam Trendall on 19 April 2022 in News

Canadian academics claim that attack on No. 10 using Pegasus software was launched from the UAE

Credit: Paul Bloch/Pixabay

Over the last two years Downing Street has been repeatedly infected with spyware in attacks perpetrated from the United Arab Emirates, according to academic research.

An announcement published yesterday by the University of Toronto’s Citizen Lab reveals that, during 2020 and 2021, the unit’s researchers “observed and notified the government of the UK of multiple suspected instances of Pegasus spyware infections within official UK network”.

Infections were detected at the Prime Minister’s Office and the-then Foreign and Commonwealth Office, according to the statement, which is attributed to professor Ron Deibert, director of the lab.

The Pegasus technology reportedly used to target the government entities is a spyware program developed by Israeli company NSO Group.

The FCO was targeted by “Pegasus operators that we link to the United Arab Emirates, India, Cyprus, and Jordan”, Deibert said. 

“Because the FCO – and its successor office: the Foreign Commonwealth and Development Office – have personnel in many countries, the suspected infections we observed could have related to devices located abroad and using foreign SIM cards,” he added.

Related content

Citizen Lab researchers ascertained that “the suspected infection at the UK Prime Minister’s Office was associated with a Pegasus operator we link to the UAE,” according to Deibert.

The UAE is understood to have previously been a customer of Pegagus. However, the company ended its engagement with the state in light of a judgement published by the UK High Court six months ago which found that the software had been used by agents acting on behalf of the ruler of Dubai, Sheikh Mohammed bin Rashid al Maktoum, who had ordered the unlawful hacking of the phone of his ex-wife and five of her associates.

“The UK is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims,” Deibert said. “We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware. Given that a UK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled to ensure that the UK government was aware of the ongoing spyware threat, and took appropriate action to mitigate it.”

The government has indicated that it does not comment on security matters.

The NSO Group, meanwhile, said that it “continues to be targeted by a number of politically motivated advocacy organisations like Citizen Lab and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information”.

“We have repeatedly cooperated with governmental investigations, where credible allegations merit,” a spokesperson added. “However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.”

The company’s website claims that is Pegasus spyware platform and other products “are used exclusively by government intelligence and law enforcement agencies to fight crime and terror”.

The Citizen Lab is based in the University of Toronto’s Munk School of Global Affairs and Public Policy. It describes its work as being focused on “research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security”.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

GCHQ appoints first female leader
14 April 2023

Anne Keast-Butler named as new boss of intelligence and cyber agency

WhatsApp and private email banned for government use at higher security tiers
13 April 2023

Officials are warned that, if they choose to use non-corporate channels, they must 'be prepared to defend your choices'

‘Sow distrust and decrease morale’ – government lifts lid on work of UK’s offensive cyber spy unit
6 April 2023

National Cyber Force reveals its work includes covert influence operations as well as disruption of adversaries IT networks

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...