Another Israeli spyware allegedly operating in Hungary – Suspected government ties

A new international cybersecurity report reveals that infrastructure for DevilsTongue, an Israeli spyware program, may still be active in Hungary. The software, sold exclusively to government clients, is capable of surveillance, data theft, and even remote manipulation of the target’s device—much like the notorious Pegasus.

The investigation was conducted by the Insikt Group, a division of Recorded Future, and its findings have been reported by multiple outlets, including Hungarian investigative journalist Szabolcs Panyi of Direkt36. According to the report, eight global clusters linked to DevilsTongue have been identified, five of which remain active. One of these is located in Hungary and may have been operational since 2019.

Israeli spyware in Hungary—again

DevilsTongue is developed by Candiru, an Israeli firm that has previously been mentioned in the Hungarian press, though it is less well-known than NSO Group, the maker of Pegasus. Candiru works solely with government clients and markets its spyware at a steep price. According to Telex, just the most basic package—capable of monitoring up to ten targets—cost around EUR 16 million a few years ago. Additional features can be purchased, including full access to the targeted device, potentially allowing operatives to plant incriminating material.

Highly sophisticated operation

The spyware operates with a high level of sophistication, able to infect Windows-based systems through malicious links, files, or even via physical access. Both Citizen Lab and Microsoft warned about the dangers of DevilsTongue back in 2021, raising concerns that Hungary might already have been affected.