{
	"id": "73ac30dc-4b45-4bf9-aa33-c416f7d2bcfb",
	"created_at": "2026-04-06T01:30:40.389236Z",
	"updated_at": "2026-04-10T03:24:29.878298Z",
	"deleted_at": null,
	"sha1_hash": "2311fb4b9adcce8564f45c51a0fbcf01eeb6e1ff",
	"title": "UK Government Officials Infected with Pegasus - The Citizen Lab",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 470979,
	"plain_text": "UK Government Officials Infected with Pegasus - The Citizen Lab\r\nArchived: 2026-04-06 00:45:07 UTC\r\nOpens in a new window Opens an external site Opens an external site in a new window\r\nThe Citizen Lab’s core mission is to undertake research on digital threats against civil society. During the course\r\nof our investigations into mercenary spyware, we will occasionally observe cases where we suspect that\r\ngovernments are using spyware to undertake international espionage against other governments. The vast majority\r\nof these cases are outside of our scope and mission. However, in certain select cases, where appropriate and while\r\npreserving our independence, we decide to notify these governments through the official channels, especially if\r\nwe believe that our actions can reduce harm.\r\nWe confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple\r\nsuspected instances of Pegasus spyware infections within official UK networks. These included:\r\nThe Prime Minister’s Office (10 Downing Street)\r\nThe Foreign and Commonwealth Office (FCO) (Now the Foreign Commonwealth and Development\r\noffice – FCDO)\r\nThe suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE,\r\nIndia, Cyprus, and Jordan. The suspected infection at the UK Prime Minister’s Office was associated with a\r\nPegasus operator we link to the UAE.\r\nBecause the UK Foreign and Commonwealth Office and its successor office, the Foreign Commonwealth and\r\nDevelopment office (FCDO), have personnel in many countries, the suspected FCO infections we observed could\r\nhave related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone\r\nnumbers used by US State Department employees in Uganda in 2021.\r\nThe United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to\r\nregulatory questions surrounding cyber policy, as well as redress for spyware victims.  We believe that it is\r\ncritically important that such efforts are allowed to unfold free from the undue influence of spyware. Given that a\r\nUK-based lawyer involved in a lawsuit against NSO Group was hacked with Pegasus in 2019, we felt compelled\r\nto ensure that the UK Government was aware of the ongoing spyware threat, and took appropriate action to\r\nmitigate it.\r\nRon Deibert\r\nDirector of the Citizen Lab and Professor of Political Science at the University of Toronto’s Munk School of\r\nGlobal Affairs \u0026 Public Policy\r\nMore in: Targeted Surveillance\r\nLATEST\r\nhttps://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/\r\nPage 1 of 2\n\nNot Safe for Politics\r\nCellebrite Used on Kenyan Activist and Politician Boniface Mwangi\r\nFollowing the widely-condemned arrest in July 2025 of prominent Kenyan opposition voice Boniface Mwangi,\r\nthe Citizen Lab analyzed artefacts from devices seized during the arrest. We found that Cellebrite’s forensic\r\nextraction tools were used on his Samsung phone while it was in police custody. This case adds to the concerning\r\npattern of the misuse of Cellebrite technology by government clients.\r\nFebruary 17, 2026\r\nAPRIL 1, 2026\r\nSource: https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/\r\nhttps://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/"
	],
	"report_names": [
		"uk-government-officials-targeted-pegasus"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439040,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2311fb4b9adcce8564f45c51a0fbcf01eeb6e1ff.pdf",
		"text": "https://archive.orkl.eu/2311fb4b9adcce8564f45c51a0fbcf01eeb6e1ff.txt",
		"img": "https://archive.orkl.eu/2311fb4b9adcce8564f45c51a0fbcf01eeb6e1ff.jpg"
	}
}