Pegasus installed on Indian journalist’s phone while he was probing Adani issue

TNM has learnt that journalist Anand Mangnale got an alert from ZecOps which is an app that alerts when there is a security threat and using advanced digital forensics.
Anand Mangnale
Anand Mangnale
Written by:

In an explosive report, the Washington Post has revealed that the Indian government summoned top executives of Apple and pressured them to alter their statement after the US company warned several journalists, activists and opposition leaders about the government’s attempts to hack their phones. The Post report cited three unnamed sources who told the American newspaper that officials from Prime Minister Narendra Modi’s administration demanded that the company mislead the public by “coming up with alternative explanations” for the security warnings that it issued to more than 20 individuals about their phones being compromised.

On October 31, Apple had sent alerts to leaders of opposition parties within the INDIA coalition, as well as independent journalists saying, “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” After many of the recipients of this notification shared screenshots on social media, the company further clarified that it was not referring to any specific state actor but maintained that such sophisticated technology is only available to government agencies.

Some of the prominent targets of the latest hacker attack include the Trinamool Congress (TMC) leader Mohua Moitra, Congress leader Shashi Tharoor, BRS leaders KT Rama Rao and Kavitha Kalvakuntla, Praveen Chakravarthy who heads the Congress’ data analytics department as well as journalists Anand Mangnale of the Organised Crime and Corruption Reporting Project (OCCRP) and Siddharth Varadarajan, Founding Editor of The Wire. Forensic investigations by  Amnesty International’s Security Lab confirmed that Pegasus had been installed in Siddharth and Anand’s phones in 2023. 

Anand and Ravi had worked on a story which threw up fresh evidence of offshore money laundering involving the Adani Group. On August 22, the journalists wrote to the company seeking a response to their findings. A forensic analysis of Anand’s phone, conducted by Amnesty using IVerify and shared with the Post, found that the device had been infected with Pegasus within 24 hours of seeking a response from the Adani Group. In the past, the makers of Pegasus, the Israeli firm NSO, has claimed in the Supreme Court that it sells its surveillance equipment only to sovereign governments. 

TNM has learnt that Anand got an alert from ZecOps which is an app that alerts when there is a security threat and uses advanced digital forensics. The alerts started coming on August 23 and then the phone was submitted to OCCRP and Amnesty for forensic analysis. “Anand Mangnale’s phone was vulnerable to this zero-click exploit at the time of the attack. It is currently unclear if the exploit attempt resulted in a successful compromise of his device.

The ZecOps report
The ZecOps report

The attempted targeting of Anand Mangnale’s phone happened at a time when he was working on a story about an alleged stock manipulation by a large multinational conglomerate in India,” Amnesty said. 

Amnesty also said that forensic investigations confirmed that Siddharth Varadarajan was among the journalists recently targeted with Pegasus spyware on their iPhones, with the latest identified case occurring in October 2023. “Siddharth Varadarajan was targeted and infected with Pegasus spyware in 2018. Siddharth Varadarajan was targeted again with Pegasus on 16 October 2023. The same attacker-controlled email address used in the Pegasus attack against Anand Mangnale was also identified on Siddharth Varadarajan’s phone, confirming that both journalists were targeted by the same Pegasus customer.”

The Post said that in a written response to their email to the Adani Group, its head of Corporate Communications, Varsha Chainani, told them, “While categorically denying and rejecting this insinuation, we find it disturbing and inappropriate that you would make an attempt to draw our name into this specious construct,” adding, “The Adani Group operates with the highest level of integrity.”

The report in the Washington Post is the latest in a series of journalistic investigations that have thrown up evidence of illegal phone tapping by the government. Indeed, one of the matters is in the Supreme Court and the government has refused to cooperate with the court appointed committee to investigate hacking allegations.

Two years ago, a joint investigation by the Forbidden Stories Consortium, which included the Post, found that the phones of many independent journalists, human rights activists and opposition leaders had been infected by the Israeli spyware, Pegasus. 

In recent weeks, the Post conducted another investigation in collaboration with Amnesty International and the New York based security firm IVerify. It found fresh cases of hacking. The newspaper alleged that its investigation added “evidence suggesting the Indian government’s use of powerful surveillance tools.”

Related Stories

No stories found.
The News Minute