Allgemein
Serbia: Spyware attacks on BIRN journalists further deepen press…
Serbia: Spyware attacks on BIRN journalists further deepen press freedom crisis
The partner organisations of the Media Freedom Rapid Response (MFRR) today raise further alarm about the deepening press freedom crisis in Serbia in the wake of revelations showing evidence of the abuse of advanced Pegasus spyware to target two journalists from leading investigative media platform BIRN.
28 March 2025
Our organisations warn that the ultimately failed attempt to use military-grade surveillance technology to spy on journalists from the award-winning Balkan Investigative Reporting Network (BIRN) represents another milestone in the deteriorating situation in Serbia, which requires immediate and strong interventions from the European Union.
The confirmation of spyware use was published by Amnesty International on March 27 and documented how its forensic testing had shown how the two female journalists – one of whom was Jelena Veljković – had both received messages on February 14 containing fake links, which if clicked would have infected the phone with Pegasus, an advanced spyware tool sold by Israeli cybersurveillance firm NSO Group.
The messages were sent hours apart in the messaging platform Viber from the same number registered with the state operator Telekom Srbija, and included a link which led to a fake version of the Serbian news portal N1. According to BIRN, after the identical messages were flagged as potential phishing attacks, they were forwarded to Amnesty, which carried out the tests. The human rights group said that there was a high probability that one or more actors from the Serbian state apparatus, or agents acting on their behalf, were involved in the attack.
Our organisations strongly condemn the latest example of spyware use to target investigative journalists in Serbia, which is prohibited as a criminal offense under the country’s Criminal Code. These attacks pose a serious threat to journalistic privacy, source protection and media freedom. Alarmingly, these are the seventh and eighth confirmed cases of spyware use against journalists in Serbia, posing a pattern of illegal yet unsanctioned spyware abuse.
The MFRR responded to previous revelations in December 2024 which showed how products made by Israeli company Cellebrite were being used by Serbian authorities to extract data from the phones of journalists and activists. Following Amnesty’s report, Cellebrite revoked its licence to the Serbian authorities. The revelations by Amnesty also documented how domestically-developed spyware, “NoviSpy”, had been developed to infect Android devices and capture confidential information and upload it to a government-controlled server.
The new revelations offer yet more damning evidence of the flagrant abuse of NSO’s technology by its clients. NSO claims its products are “sold exclusively to verified government users” such as state law enforcement and intelligence authorities, meaning its use in Serbia would be limited to state agencies.
Given the fresh abuses, our organisations firstly call on all Serbian intelligence authorities, police bodies, the Ministry of Interior, and the government to immediately provide transparent information about cyber-surveillance capabilities at their disposal and their use against journalists, as well as information about all ongoing contracts with private surveillance firms, any of which would violate the country’s laws.
Secondly, considering the growing body of evidence of Pegasus use by Serbian authorities, our groups demand that NSO Group launch an immediate internal review of any existing contracts with Serbian authorities, consider the repeated breaches of its terms of use, and swiftly revoke any existing contracts, as well as urgently review its safeguards procedures for abuse of its products by authoritarian states.
Thirdly, we urge the European Union to strongly condemn the targeting of journalists from BIRN Serbia, and to request urgent answers from Serbian government and law enforcement authorities about repeated abuses of spyware technology. More widely, the EU must take far stronger action to address spyware use against journalists and the rapidly deteriorating media freedom situation in Serbia, which has now reached its most worrying point in decades, in clear violation of fundamental democratic values required for EU accession.
Our organisations stand by BIRN Serbia, its journalists, and their important investigative work. We will continue to closely monitor, document and respond to all attacks on press freedom and journalists in Serbia, and will make spyware a central topic of investigation during the MFRR’s upcoming emergency visit to the country on April 7-9. During this trip we will gather information about other potentially unreported spyware attacks and work with partner organisations to investigate them.
This statement was coordinated by the Media Freedom Rapid Response (MFRR), a Europe-wide mechanism which tracks, monitors and responds to violations of press and media freedom in EU Member States and Candidate Countries.
