Another Israeli spyware allegedly operating in Hungary – Suspected government ties

Israeli spyware Hungary
Prime Minister Viktor Orbán welcomes Israeli Prime Minister Benjamin Netanyahu at the Carmelite Monastery on 3 April 2025. Photo: MTI/Miniszterelnöki Sajtóiroda/Fischer Zoltán

A new international cybersecurity report reveals that infrastructure for DevilsTongue, an Israeli spyware program, may still be active in Hungary. The software, sold exclusively to government clients, is capable of surveillance, data theft, and even remote manipulation of the target’s device—much like the notorious Pegasus.

The investigation was conducted by the Insikt Group, a division of Recorded Future, and its findings have been reported by multiple outlets, including Hungarian investigative journalist Szabolcs Panyi of Direkt36. According to the report, eight global clusters linked to DevilsTongue have been identified, five of which remain active. One of these is located in Hungary and may have been operational since 2019.

Israeli spyware in Hungary—again

DevilsTongue is developed by Candiru, an Israeli firm that has previously been mentioned in the Hungarian press, though it is less well-known than NSO Group, the maker of Pegasus. Candiru works solely with government clients and markets its spyware at a steep price. According to Telex, just the most basic package—capable of monitoring up to ten targets—cost around EUR 16 million a few years ago. Additional features can be purchased, including full access to the targeted device, potentially allowing operatives to plant incriminating material.

Highly sophisticated operation

The spyware operates with a high level of sophistication, able to infect Windows-based systems through malicious links, files, or even via physical access. Both Citizen Lab and Microsoft warned about the dangers of DevilsTongue back in 2021, raising concerns that Hungary might already have been affected.

The latest report has reignited scrutiny over Candiru’s ties to Hungary, further fueled by an incident last summer. German Green Party MEP Daniel Freund, an outspoken critic of Prime Minister Viktor Orbán’s government, claimed he had been targeted via an email containing a malicious link. While the perpetrator remains unknown, Freund suggested the Hungarian government could not be ruled out as a suspect.

Candiru’s name frequently surfaces in connection with international surveillance scandals. In 2021, the United States placed the company on a blacklist, and in 2022, it was revealed that the Spanish government used the software against Catalan independence activists.

The Hungarian government has yet to respond to the new report. Meanwhile, the Insikt Group emphasised that unless used strictly for law enforcement or anti-terrorism purposes, the deployment of such spyware raises serious human rights and democratic concerns.

Read also:

To read or share this article in Hungarian, click here: Helló Magyar

elomagyarorszag.hu
Tags