Polish senator Krzysztof Brejza, who in 2019 organized the campaign of the main opposition party, the Civic Platform, was not an isolated target of the Pegasus spyware: his father, the mayor of Inowroclaw, Ryszard Brejza, and his assistant, Magdalena Losko, have also been repeatedly targeted by messages seeking to infect their phones, reveals the Polish daily Gazeta Wyborcza and the German weekly Die Zeitin collaboration with “Project Pegasus” media, coordinated by Forbidden Stories.
Krzysztof Brejza is a major opposition figure. At the end of December, the American press agency Associated Press had revealed that he had received dozens of bomb messages in 2019, which a technical analysis conducted by the Citizen Lab in Toronto had linked to the attack infrastructure of Pegasus. Once installed on a phone, this very powerful spy software not only allows you to listen to conversations and access real-time geolocation, but also to download all the history of messages contained on the phone, including those exchanged via secure apps like Signal or WhatsApp.
Mr. Brejza, just like his father and Mr.me Losko, uses Android phones, on which traces of Pegasus are almost impossible to detect. Their analysis by Amnesty International’s Security Lab, however, uncovered dozens of booby-trapped text messages, sent shortly after these people’s phone numbers were selected for potential targeting by NSO Group’s Polish client, such as the data from the “Project Pegasus” shows this. M’s phoneme Losko was notably targeted while she was managing the campaign for the European elections.
Very sophisticated message bombs
The Pegasus operators who targeted Mr. Brejza and his relatives took their hacking to a very advanced degree of personalization: not only did the messages very precisely impersonate companies, presenting themselves for example as coming from the telephone operator actually used by the targets, but they also contained personal information. One of the trapped SMS thus invited its target to consult a telephone bill, and repeated the exact amount of the bill actually sent to this person that month. The presence of these details suggests that the targets of the software in Poland may have previously been subject to other forms of electronic surveillance.
You have 48.71% of this article left to read. The following is for subscribers only.