Pegasus spyware is suspected to have been used to infect the 10 Downing Street network, researchers at Canadian internet security watchdog Citizen Lab have concluded.
A device connected to that network was infected using the spyware on 7 July 2020, according to a report on the research by the New Yorker.
The report added that the National Cyber Security Centre (NCSC) tested several phones at Downing Street including that of the prime minister – but was unable to locate the infected device.
It said the nature of any data taken was never determined.
John Scott-Railton, a senior researcher at the Citizen Lab, told the New Yorker: “When we found the Number 10 case, my jaw dropped.”
Another senior researcher, Bill Marczak, told the publication: “We suspect this included the exfiltration of data.”
Ron Deibert, director of the Citizen Lab, confirmed in a statement that in 2020 and 2021 it had “observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks”.
These included 10 Downing Street and the Foreign & Commonwealth Office (FCO).
Mr Deibert said the suspected infections relating to the FCO “were associated with Pegasus operators that we link to the UAE, India, Cyprus and Jordan”.
The suspected infection at 10 Downing Street “was associated with a Pegasus operator we link to the UAE,” he added.
According to the New Yorker, the UAE did not respond to multiple requests for comment.
Sky News has contacted the NCSC and the FCO for comment.
A government spokesperson said: “We do not routinely comment on security matters.”
Earlier this year, it emerged that the Foreign Office was targeted in a “serious cyber security incident” for which it paid contractor BAE Applied Intelligence £467,000 for urgent support.
Details of the incident or any damage caused were not made clear at that time.
An investigation last year found that the Pegasus spyware, developed by Israeli surveillance company NSO, was used to target journalists, politicians and government officials in more than 50 countries.
NSO has repeatedly said that it is “not involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies”.