Finland's Foreign Ministry has said some of its diplomats working at missions abroad have been targeted by foreign-made surveillance software.
The ministry did not disclose where the hacking took place or how many diplomats were targeted, yet cybersecurity expert Mikko Hyppönen said this is the first time Pegasus, developed by the Israeli firm NSO Group, has been linked to Finland. He also said the clues indicated that a state actor was behind the espionage.
"NSO only sells this programme to states, and it's not easy to copy it or use it without permission for other purposes. NSO definitely knows who uses this programme", Hyppönen explained to national broadcaster Yle.
Antti Pelttari, director of the Finnish Security and Intelligence Service (Supo) confirmed this assessment.
The surveillance software Pegasus is known for planting itself on target phones and harvesting its data. Its attacks are notoriously difficult and expensive to carry out.
"The malware has infected users' Apple or Android telephones without their noticing and without any action from the user's part. Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features", the ministry said in a statement, adding that the spying is "no longer active".
The government said that it is highly unlikely that any sensitive information was leaked to outsiders as the transmission of classified information by phone is limited. Yet, those behind the attack could have learned the physical movements of Finnish diplomats as well as the identity of their contacts.
Pegasus has previously been used to target corporate CEOs, human rights activists, journalists, dissidents, and even top-ranking politicians, including French President Emmanuel Macron. According to Hyppönen, though, Pegasus victims have mainly been in Latin America or the Middle East, with Finns being a notable exception.