Spyware attack attempts on civil society in Serbia

On 30 October 2023, two members of civil society from Serbia received an alert from Apple that they were potential targets of state-sponsored technical attacks. They immediately contacted EDRi member SHARE Foundation after receiving the warning, in order to check if their devices were attacked by any known spyware. These were the first documented cases of attempted sophisticated spyware attacks known to us in Serbia.

By SHARE Foundation (guest author) · December 6, 2023

On 30 October 2023, two members of civil society from Serbia received an alert from Apple that they were potential targets of state-sponsored technical attacks. They immediately contacted EDRi member SHARE Foundation after receiving the warning, in order to check if their devices were attacked by any known spyware. These were the first documented cases of attempted sophisticated spyware attacks known to us in Serbia.

Infection attempts

In collaboration with international partners which have high expertise in the field of digital forensics, i.e. Amnesty International’s Security Lab, Access Now and Citizen Lab, SHARE Foundation’s digital security team could confirm that both devices were targets of infection attempts occurring on 16 August 2023. There is no evidence that the infection attempts succeeded. The analysis of the forensic artefacts collected from the devices has shown that in the initial phase the attack leveraged iPhone HomeKit, which is a vector that is consistent with exploits used by NSO Group’s Pegasus spyware. It is known that the vendor of Pegasus spyware NSO Group has released multiple exploits which target the iPhone’s HomeKit functionality, including the PWNYOURHOME exploit. What is specific for these types of exploits is that they are “zero-click”, meaning that there is no need for the targeted person to have any interaction with a malicious message, call or file in order for their phone to be infected.

Dangers for human rights

The SHARE Foundation warns that spyware attacks on representatives of the critical public have a negative impact on democracy and human rights as it erodes civic space by suppressing the right to privacy, freedom of expression and association, especially since snap elections will be held in Serbia during December. The use of spyware is illegal since there is no legal basis for its use in Serbia. In addition to this, use of such tools is incompatible with democratic values and the respect for human rights and freedoms.

What’s next

We remind the public that targeted digital surveillance tools are used by governments around the world to spy on members of the opposition, civil society, independent media, dissidents and other actors working in the public interest. Such activities threaten the freedom of expression and association, as well as the right to privacy and confidentiality of communication guaranteed by domestic and international law. SHARE Foundation will continue to investigate any subsequent implications of the use of spyware.

Contribution by: EDRi member, SHARE Foundation

BECOME A DIGITAL RIGHTS SUPPORTER THIS FESTIVE SEASON

Donate now!