London Daily

Focus on the big picture.
Tuesday, Jul 07, 2026

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

No 10 subjected to UAE-linked spyware attack, says report, but Israeli firm suggests allegations are false

Boris Johnson has been told his Downing Street office has been targeted with “multiple” suspected infections using Pegasus, the sophisticated hacking software that can turn a phone into a remote listening device, it was claimed on Monday.

A report released by Citizen Lab at the University of Toronto said the United Arab Emirates was suspected of orchestrating spyware attacks on No 10 in 2020 and 2021.

Pegasus is the hacking software – or spyware – developed, marketed and licensed to governments around the world by the Israeli firm NSO Group. It has the capability to infect phones running either iOS or Android operating systems.

Citizen Lab added there had also been suspected attacks on the Foreign Office over the same two years that were also associated with Pegasus operators linked to the UAE – as well as India, Cyprus and Jordan.

The researchers, considered among the world’s leading experts in detecting digital attacks, announced they had taken the rare step of notifying Whitehall of the attack as it “believes that our actions can reduce harm”.

However, they were not able to identify the specific individuals within No 10 and the Foreign Office who are suspected of having been hacked.

In a statement, Citizen Lab said: “We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks. These included: the prime minister’s office (10 Downing Street) [and] the Foreign and Commonwealth Office …

“The suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE, India, Cyprus and Jordan. The suspected infection at the UK prime minister’s office was associated with a Pegasus operator we link to the UAE.”

The allegations will raise serious questions for Boris Johnson about a possible security breach.


The Biden administration took the extraordinary step of placing NSO on a US blacklist last November, saying it had evidence the company had sold surveillance spyware to foreign governments that had used it for “transnational repression”. At the time, an NSO spokesperson said it was ‘“dismayed by the decision”.

The allegations will raise significant questions about a possible national security breach at the highest levels of the British government.

The governments of the UAE, India, Cyprus and Jordan have been approached for comment.

A UK government spokesperson said: “We do not routinely comment on security matters.”

An NSO spokesperson said: “NSO continues to be targeted by a number of politically motivated advocacy organisations like Citizen Lab and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information.

“We have repeatedly cooperated with governmental investigations, where credible allegations merit. However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons.”

The Pegasus project, a collaborative investigation into NSO that included the Guardian, the Wire, Le Monde and the Washington Post, revealed dozens of cases last year in which NSO’s Pegasus was used by government clients, from Saudi Arabia to Mexico, to target dissidents and journalists. The work was among the recipients of the prestigious 2021 George Polk awards in journalism.

NSO is regulated by the Israeli defence ministry and sells Pegasus spyware to governments around the world. When it is successfully deployed against a target, Pegasus can infect any phone. It can intercept phone calls, view photographs, track an individual’s location and turn a phone into a remote listening device.


The Citizen Lab director, Ron Deibert, said he believed the infections could have been related to FCO devices located abroad. Explaining his reasoning for alerting Johnson, he explained that the UK “is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy”. Therefore, he added “we believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware”.

The UK development comes months after an investigation into NSO found that the mobile phone of a serving French minister, François de Rugy, showed digital traces of activity associated with Pegasus spyware. His details appeared on a leaked database, which also included mobile numbers for the French president, Emmanuel Macron, and most of his 20-strong cabinet, along with the then prime minister, Édouard Philippe.

In response, an NSO Group spokesperson said Macron and other French officials on the list “are not and never have been Pegasus targets”. They added: “It is not a list of targets or potential targets of NSO’s customers.”

In October last year, a UK court found that Sheikh Mohammed bin Rashid al-Maktoum of Dubai used Pegasus to hack the phone of his ex-wife Princess Haya and five of her associates.

The court found that the hacking of Haya and her associates, including Fiona Shackleton, who sits in the House of Lords, occurred while the former couple were locked in court proceedings in connection to the welfare of their two children.

Johnson’s government was accused by some MPs last November of prioritising trade agreements over national security in its handling of surveillance abuses on British soil by governments using Pegasus.

In November, a letter to the prime minister signed by 10 MPs and peers called on the government to end its cybersecurity programmes with countries that are known to have used NSO spyware to target dissidents, journalists and lawyers – and impose sanctions on NSO.

It also called for the suspension of all UK spyware licences and cybersecurity contracts with Gulf nations implicated in cyber-attacks in the UK.

Newsletter

Related Articles

0:00
0:00
Close
UK Met Office Issues Heatwave Alerts for London and Southern England
Keir Starmer Blocks Earlier World Cup Kick-Off Time for England Match Against Mexico
NHS Digital Transformation and Media Consolidation Highlight UK Policy Priorities
UK Government Pushes Digital Trade Rules to Cut Export Costs for Businesses
Bank of England Plans Leverage Rule Changes to Support Government Bond Market
UK Police Operation Targets Organised Immigration Crime Networks With Hundreds of Arrests
Yvette Cooper Calls for Global AI Rules to Prevent Security Risks
NHS Begins Major AI Expansion Through £10 Billion Digital Investment Programme
UK Government Tightens Rules on Political Donations to Limit Foreign Influence
Keir Starmer Defends UK Defence Spending Plan at NATO Summit in Turkey
Comcast’s Sky Agrees £1.6 Billion Deal to Acquire ITV Media and Entertainment Division
Senior NHS Doctors Vote in Favour of Renewed Strike Action Over Pay Dispute
Andy Burnham Set to Succeed Keir Starmer as Labour Leadership Nominations Open
Microsoft Lays Off 4,800 Employees and Xbox Suffers the Hardest Blow
Deep Purple Has Released Its Best Album in Decades
Office for National Statistics Updates Historical Investment Data Review to Improve Accuracy
Department for Science, Innovation and Technology Highlights Economic Gains From Digital Inclusion
Debate Intensifies Over UK Defence Strategy and Domestic Security Priorities
Report Warns Full Transport Accessibility Could Add £176 Billion to UK Economy Annually
Medicines Regulator Approves First Targeted Treatment for Advanced Merkel Cell Skin Cancer
Government Commits £22 Million to Brighton Seafront Infrastructure Renewal and Transport Safety
National Security Bill Returns to House of Commons Amid Calls to Protect Humanitarian Work
Government Tightens Overseas Political Donation Rules to Strengthen Safeguards Against Foreign Influence
NHS Maternity Reform Expands Central Oversight After Critical National Review
Dover Border Warnings Highlight Post-Brexit Pressure on Cross-Channel Trade
Private Nuclear Consortium Advances £35 Billion Small Reactor Strategy in UK
UK Labour Leadership Signals Shift Toward Reindustrialisation and Regional Power
House of Lords Debates Rail Nationalisation Bill to Create Great British Railways
Scottish Affairs Committee Expands Inquiry Into SNP Financial Conduct
Evri Launches £1.2 Million Defamation Case Against BBC Over Panorama Investigation
Port of Dover Warns of Border Delays as EU Entry-Exit System Looms
Nigel Farage Referred to Standards Watchdog Over Alleged Undeclared Benefits
UK Government Faces Scrutiny Over Claimed AI Datacentre Investment After FOI Findings
UK and India Finalise Trade Agreement Rules Ahead of Mid-July Implementation
UK Government Establishes National Maternity Commissioner After Major Review of NHS Care Failures
Private Consortium Plans £35 Billion UK Nuclear Programme Targeting Small Modular Reactor Rollout
Andy Burnham Sets Out Ten-Year Reindustrialisation and Devolution Plan as Leadership Transition to UK Premiership Advances
Morocco and France Advance as 2026 FIFA World Cup Enters Quarterfinals.
Historic 2026 Tour de France Opens in Barcelona With Revamped Team Time Trial.
Global Mergers and Acquisitions Approach $4 Trillion Defying Geopolitical Tumult.
Negotiators Advance 20-Point Framework for Gaza Ceasefire and Demilitarization.
OECD Warns Middle East Conflict Will Depress Global Economic Growth.
Ukrainian Drones Strike Major Oil Terminal in St. Petersburg.
World Meteorological Organization Issues Urgent Alert Over Rapidly Intensifying El Niño.
United States Commemorates 250th Anniversary With Diplomatic Summits and Global Flotilla.
Iran Begins Days-Long Funeral for Supreme Leader Khamenei Amid Strait of Hormuz Standoff.
Technology giant reports surging carbon emissions driven by artificial intelligence infrastructure demands.
Artificial intelligence adoption accelerates workforce reductions across the technology and financial sectors.
Global technology and financial conglomerates collaborate to launch a new stablecoin standard.
United States regulators lift export restrictions on a major frontier artificial intelligence model.
×