The Unseen Battlefield: Meduza CEO's Pegasus Spyware Attack and the Implications for Russian Journalism


Published on Sep 14, 2023   —   2 min read

In a world where the lines between cyber warfare and journalism are increasingly blurred, the recent hacking of Galina Timchenko, the CEO of Russian independent media outlet Meduza, serves as a chilling reminder. Her iPhone was compromised by Pegasus spyware, a notorious tool developed by the Israeli company NSO Group. This incident marks the first documented case of a Russian citizen being targeted by Pegasus, according to Access Now and the Citizen Lab, nonprofits that investigated the hack.

The Anatomy of the Attack

The attack occurred in February, shortly after the Russian government outlawed Meduza for its critical reporting on Vladimir Putin's regime and the ongoing war in Ukraine. The spyware was installed while Timchenko was attending a private conference in Berlin with other Russian independent journalists living in exile. Pegasus is capable of accessing calls, messages, photos, and even activating the device's camera and microphone.

The attackers likely exploited a zero-click vulnerability in Apple's HomeKit and iMessage. Zero-click exploits are particularly insidious as they require no interaction from the victim. This raises questions about the efficacy of existing mobile security solutions in the face of state-sponsored cyber threats.

Who's Behind the Curtain?

While Pegasus is exclusively sold to government agencies, the identity of the attackers remains a mystery. Possibilities range from countries with ties to Russia, like Azerbaijan, Kazakhstan, or Uzbekistan, to Latvia or Germany, where Meduza is located and where the phone was compromised.

The inability to pinpoint the attacker underscores the complexities of attribution in cyber warfare. It also highlights the need for robust threat intelligence and international cooperation to counter such sophisticated attacks.

The Human Element

Timchenko expressed concerns that her contact list might now be in the hands of the attackers, putting anyone in it at risk, especially if the attackers were Russian. "Independent journalists from Russia and other nations might feel trapped, facing pressure from both their own governments and their formidable security systems, as well as the intelligence agencies in the countries where they seek refuge," said Ivan Kolpakov, Meduza’s chief editor.

This incident raises ethical questions about the sale of advanced spyware to government agencies that could potentially use it against journalists, activists, and civilians. It's a stark reminder that in the digital age, the pen may be mightier than the sword, but the keyboard can be an even more potent weapon.

Actionable Solutions

  1. For Journalists: Use hardware security keys and end-to-end encrypted communication platforms. Regularly update all software to minimize vulnerabilities.
  2. For Governments: Establish stricter regulations on the sale and export of spyware and other cyber weapons.
  3. For the Public: Advocate for digital rights and press freedom. Support organizations that are working to protect journalists and activists from cyber threats.


The hacking of Galina Timchenko serves as a cautionary tale for journalists worldwide. It's a grim testament to the evolving threats that journalists face, not just in authoritarian regimes but also in the very countries where they seek refuge. As we continue to navigate this complex landscape, one thing is clear: the battle for truth has extended into the digital realm, and it's a battle we cannot afford to lose.

Share on Facebook Share on Linkedin Share on Twitter Send by email

Subscribe to the newsletter

Subscribe to the newsletter for the latest news and work updates straight to your inbox, every week.