Amnesty International has accused Serbian officials of deploying spyware on the phones of journalists and activists, according to a report released Monday.

The spyware, dubbed "NoviSpy" by Amnesty, was allegedly used to extract sensitive information, including contacts and private photos, and upload it to servers controlled by the Serbian intelligence agency, BIA.

The findings, based on digital forensic evidence and testimony from activists, suggest that Serbian authorities used technology from Israeli company Cellebrite to unlock devices before infecting them with NoviSpy.

Cellebrite tools are widely used by law enforcement globally, including the FBI.

Read more: Israeli NSO, not government clients, controls spyware operations

Allegations of targeted surveillance

Amnesty reports that activists and journalists experienced suspicious activity on their phones immediately after encounters with Serbian police or intelligence officials.

One activist stated that their contacts were exported and private photos were sent to a government-controlled server shortly after a meeting with BIA.

The spyware reportedly took covert screenshots of infected devices and copied data to facilitate ongoing surveillance.

🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵 pic.twitter.com/HGYHvnXa4W

— Donncha Ó Cearbhaill (@DonnchaC) December 16, 2024

Cellebrite Investigates Misuse

Cellebrite, the Israeli firm whose tools were used to unlock phones, stated that it does not create spyware and emphasized that such usage would violate its licensing agreements.

"Should those accusations be accurate, that could potentially be in violation of our end user license agreement," said Chief Marketing Officer David Gee.

Cellebrite has begun contacting Serbian officials and warned it could suspend their access to its technology if the allegations are substantiated.

International implications

The spyware technology was part of an EU integration support program funded by Norway and administered by the United Nations Office for Project Services (UNOPS) between 2017 and 2021.

The program was intended to help Serbia combat organized crime.

Norwegian authorities raised concerns about the program in 2018, temporarily halting deliveries of Cellebrite devices to Serbia. Despite these concerns, the technology was delivered in 2019.

Read more: Israeli Intellexa spyware entity, five individuals under US sanctions

Norway's Deputy Foreign Minister, Maria Varteressian, described the allegations as "alarming and unacceptable" and pledged to meet Serbian authorities and UNOPS to seek clarity.

UNOPS welcomed Amnesty's report and stated that it has since enhanced mechanisms to mitigate potential abuses, though it did not provide details.

Serbia denies allegations

Serbian intelligence agency BIA denied the accusations, stating it operates within local laws and called Amnesty's report "nonsensical."

Serbia's interior and foreign ministries have yet to respond to the allegations.