Vucic critics attacked with military-grade spyware

Critics of Serbia's nationalist government who have documented widespread corruption in the country were attacked with military-grade spyware earlier this year, according to new data from security researchers, The Guardian reports.

The hacking attempt on two Serbian pro-democracy activists, who are not being named to protect their security, was ultimately unsuccessful as the iPhones of the two had been updated with the latest iOS software, which researchers say protected the devices from intrusion.

The individuals were first alerted to the hacking attempt by Apple, which sent the two a warning that they may have been targeted by a state-sponsored actor. The warning was later confirmed after investigations by researchers at Access Now, the Share Foundation in Serbia, the Citizen Lab at the University of Toronto's Munk School and Amnesty International.

The findings come just months after researchers revealed that Russian journalists critical of Vladimir Putin living in the European Union were also targeted by spyware. The Council of Europe and

Natalia Krapiva, Access Now's technology legal advisor, said, "These findings are extremely worrying for the rule of law and democracy in Serbia. The uncontrolled use of commercial spyware is poison not only for human rights, but also for security and democratic institutions in any country."

The researchers found that Serbian citizens were targeted within about a minute of each other on August 16, 2023. Access Now and Citizen Lab found traces of the attempted attack, which sought to exploit a possible vulnerability in the iPhone's HomeKit app.

The researchers said the tactic was "consistent" with those previously used by the Israeli company NSO Group, which sells one of the world's most sophisticated cyber weapon known as Pegasus.

Investigators in the Serbian case have been unable to confirm definitively what kind of spyware was used because the available forensic indicators are limited.

"So far, we do not attribute these attacks to a specific operator, but we note that ten years of Citizen Lab investigations have found that Serbia is a regular customer of mercenary spyware and other commercial surveillance technologies," said John Scott-Reilton, a senior researcher at Citizen Lab.

While researchers cannot definitively link the attempted attacks in Serbia to specific spyware, the hacking attempts are likely to renew focus on previous findings related to covert data collection and surveillance by Serbia's BIA. The last director of the BIA was Aleksandar Vulin, who in July 2023 was placed on a sanctions list by the U.S. Treasury Department for supporting Moscow and using his "policy positions to create support for Russia's malicious activities" and to foment instability in Serbia. Vulin resigned from his post on 3 November.

One of the alleged victims of the hacking attempt described his work as aimed at criticising Serbia's "autocratic regime" and "widespread corruption" in the country, as well as the current government's pro-Russian foreign policy, which is not aligned with the EU on issues such as sanctions against Moscow.

According to the person, the hacking attempt was probably an attempt to intimidate or discredit his work "in order to find something compromising against me".

Both individuals who were targeted believe the hacking attempt may also have been linked to calls for an official investigation into the government's actions in connection with the mass shooting that killed 17 people, including children, last summer.

Mass demonstrations erupted after the shooting, with protesters denouncing populist President Aleksandar Vucic, blamed for creating divisions in the country that some say led to the mass shooting. / BGNES