Officials noted that “Russia’s threshold for conducting disruptive or destructive cyber attacks in the homeland probably remains very high.”

Mobile phones belonging to Finnish diplomats were spied on using the cyber espionage software Pegasus, the country’s foreign ministry said on Friday.

“We can now be clear that there has been spyware in our phones,” the ministry’s head of information security, Matti Parviainen, told AFP. The infected mobile devices were used by Finnish diplomats posted overseas, although the ministry refused to comment on how many staff were targeted, nor on whether the identity of the cyberattackers is known.

“We have good guesses” about how long the diplomats were spied on, Parviainen said, but the espionage is no longer continuing. Diplomats’ phones only handle information that is either public or with the lowest security classification, the ministry said, but added “the information and its source may be confidential between diplomats.”

An Israeli lawyer said Saturday he was working with a rights group in Hungary to pursue authorities and Israeli firm NSO Group on behalf of Hungarian journalists allegedly targeted with Pegasus spyware.

Eitay Mack told AFP he had asked the Israeli attorney general to investigate how NSO was licensed to sell its surveillance software, which can switch on a phone’s camera or microphone and harvest its data, to Hungary.

The lawyer said he had coordinated the request with the Hungarian Civil Liberties Union (HCLU), which says Pegasus targeted the phones of four Hungarian journalists, one Belgian national and a sixth person who has requested anonymity.

A series of vulnerabilities in 42Gears’ SureMDM device management products could have resulted in a supply chain compromise against any organization using the platform.

42Gears was founded in 2009. It is based in Bangalore, India, and provides mobile device management and productivity products for organizations with a large mobile workforce. Its website lists a range of major customers (without specifying which products they use) including Deloitte, Saab, Lufthansa, Tesco, Thales, Intel and many others.

Researchers at Immersive Labs discovered and disclosed the first vulnerability to 42Gears on July 6, 2021. A series of additional vulnerability disclosures together with ‘failed’ private patches (including a new vulnerability introduced by one of the private patches) meant that effective public patches were not released until November 2021 and January 2022.

On January 23, 2022, 42Gears informed Immersive that they were continuing to apply additional mitigations beyond those reported by the researchers. By this time, Immersive felt they had done everything necessary to ensure their own principles of responsible disclosure, and they could publish their findings.

The WhisperGate attack is not the only operation believed to have been conducted by Russia-linked threat actors against Ukraine in recent months. Symantec on Monday disclosed the details of an espionage operation that it has tied to a known group.

For years, Russian advanced persistent threat (APT) actors have been observed launching various cyberattacks against Ukrainian targets, with some of these groups believed to be part of or under the direct supervision of Moscow’s secret service.

Over the past months, at least two Russian state-sponsored groups have been observed launching cyberattacks against Ukraine, namely Gamaredon, also known as Armageddon, Primitive Bear and Shuckworm, and potentially Sandworm, which is also referred to as Iron Viking, Telebots and Voodoo Bear.

Active since at least 2013 and mainly focused on targets in Ukraine, Gamaredon relies on phishing emails for the distribution of off-the-shelves tools (such as RMS and UltraVNC) and customized malware (Pterodo/Pteranodon).