The Israeli spyware Pegasus hit the office of Johnson in 2020 and 2021, the British premier was told on Monday.
According to a Citizen Lab report, Johnson’s Downing Street office was hit by “multiple” suspected infections.
Citizen Lab said it suspected the United Arab Emirates orchestrated the spyware attacks targeting Number 10 Downing Street.
“We confirm that in 2020 and 2021, we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks,” the group said in a statement.
“These included: the prime minister’s office (10 Downing Street) [and] the Foreign and Commonwealth Office … The suspected infection at the UK prime minister’s office was associated with a Pegasus operator we link to the UAE.”
They added that their researchers could not identify the specific individuals within these bodies that had been hacked.
The Pegasus software allows governments to access the phones or laptops of activists and journalists worldwide, allowing operators to view messages, contacts, the camera, microphone, and location history.
Since the investigation into the global use of the illegal spyware in governments such as Saudi Arabia, Morocco, Bahrain, and the United Arab Emirates, the NSO Group has said that they have no control over how clients use their products or have access to any data they collect and claim to have safeguards in place.
However, critics say the safeguards are insufficient.
In November 2021, the US blacklisted the NSO Group after saying its activities went against its national security interests.
In a statement to The Guardian on Monday, the NSO Group said criticism against their company by groups like Citizen Lab was “politically motivated”.
“We have repeatedly cooperated with governmental investigations, where credible allegations merit. However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons,” said a spokesperson.