Two investigative journalists from Serbia have become the latest victims of targeted spyware attacks using NSO Group’s Pegasus software, Amnesty International revealed in a report on Thursday. The Serbian journalists, who work for the Balkan Investigative Reporting Network (BIRN), were reportedly targeted last month through spyware delivered via messages on the Viber messaging app.
The journalists, identified as Bogdana (not her real name) and Jelena Veljkovic, received unusual messages from an unknown Serbian number linked to Telekom Srbija, the state telecommunications operator. The messages contained hyperlinks to a domain that Amnesty International later identified with high confidence as being associated with Pegasus.
Suspecting foul play, the journalists sought help from Amnesty International’s Security Lab, which conducted a forensic analysis of their devices. The lab confirmed that their smartphones were targeted with Pegasus spyware, known for its ability to infect devices without requiring the victim to click on any links. However, in this case, Amnesty determined that the attack was carried out through a one-click infection method, meaning the journalists had to click the malicious link for the spyware to activate.
A Pattern of Digital Surveillance in Serbia
The attack on the BIRN journalists is not an isolated incident. Amnesty International noted that this is the third time in two years that Pegasus spyware has been used against Serbian civil society members. In November 2023, a similar attack was uncovered, targeting two Serbian activists ahead of the national elections. Amnesty and other digital rights organizations, including Access Now, the SHARE Foundation, and Citizen Lab, documented how zero-click spyware was used to infiltrate the activists’ devices without their interaction.
Additionally, Amnesty discovered another Pegasus infection in July 2023, targeting a high-profile figure associated with Serbia’s growing protest movement. The recent attack on the journalists further highlights the ongoing use of invasive surveillance tools to monitor and intimidate civil society members in the country.
Pegasus: A Global Cyberweapon
Pegasus, developed by the Israeli company NSO Group, is one of the most advanced commercial spyware tools in existence. The software allows an attacker to remotely access a target’s smartphone, granting full control over calls, messages, and photos, and even enabling the device’s microphone and camera. NSO Group claims that its technology is sold only to vetted government entities to combat terrorism and crime. However, numerous investigations have revealed the spyware being used against journalists, activists, and political opponents worldwide.
In response to Amnesty International’s findings, NSO Group stated, “All sales of our systems are to vetted government end-users.” However, Amnesty believes the continued use of Pegasus in Serbia suggests that state authorities are behind these attacks.
The Serbian Journalists Speak Out
The targeted journalists expressed concern over the implications of the spyware attack. Bogdana, who was working on a sensitive report about foreign investments and state-linked corruption at the time of the attack, shared her distress upon discovering that her phone had been compromised.
“When I found out that the link on my phone was Pegasus, I was absolutely furious. This was the phone registered to my name, and I felt as if I had an intruder in my own home. This is an unnerving feeling… I was extremely concerned about my sources who could be at risk because they communicated with me,” Bogdana said.
Jelena Veljkovic, who received a similar Viber message but deleted it without clicking, also reflected on the incident. “When I found out that I was a target of a Pegasus attack, I was not particularly scared but found it quite unsettling. This was my private telephone, which I also use for work, and a virus like Pegasus, which is not selective at all and can access everything on one’s phone, can have repercussions on my family too,” she said.
Both journalists believe the attack was an attempt to silence investigative reporting in Serbia.
Increasing Repression and the Use of Spyware in Serbia
Serbia has been under increasing scrutiny for its crackdown on journalists, activists, and protestors. A major anti-government rally in Belgrade on March 15 further exposed tensions between civil society and authorities. Protestors have accused the government of deploying illegal surveillance and even using sonic weapons to disperse crowds.
In December 2023, Amnesty International also revealed that Serbian authorities had used Cellebrite software to secretly unlock civilians’ phones. This allowed them to install a homegrown spyware tool, further expanding state surveillance capabilities.
BIRN, the journalists’ employer, has faced numerous threats, harassment, and legal actions, including Strategic Lawsuits Against Public Participation (SLAPPs) from high-ranking government officials. The organization is currently fighting four such lawsuits, including one from the mayor of Belgrade.
Calls for Accountability and Action
The targeting of journalists and activists threatens press freedom, human rights, and democracy itself. Until concrete actions are taken to hold those responsible accountable, journalists like Bogdana and Jelena will continue to operate under the looming threat of digital surveillance.
“These findings provide further evidence that Serbian authorities are abusing highly invasive spyware products and other digital surveillance technologies to target journalists, activists, and other members of civil society,” Amnesty International stated.
As digital surveillance becomes an increasingly common tool for governments worldwide, the need for stronger legal protections and transparency around spyware use remains urgent.
