Serbian authorities are systematically targeting journalists and activists through sophisticated homegrown spyware called ‘NoviSpy’, transforming routine police interactions into covert surveillance operations that strip away citizens’ digital privacy and fundamental rights.
This previously unknown spyware was developed domestically and seemingly deployed by Serbia’s Security Information Agency (BIA). The spyware represents a new frontier for digital repression, capable of remotely activating a target’s phone microphone and camera while extracting sensitive personal data.
A particularly disturbing method emerged during the investigation: state agents reportedly installed spyware during seemingly routine police interviews. In one stark example, independent journalist Slavisa Milanov discovered his phone had been compromised after a traffic stop, with forensic analysis revealing unauthorised data extraction using Cellebrite’s mobile forensics technology.
The investigation found that at least three activists and one journalist had NoviSpy covertly installed on their devices during police interactions. Technical evidence uncovered by Amnesty International suggests dozens, potentially hundreds, of unique devices might have been targeted over recent years.
Most concerning is the spyware’s direct connection to BIA. Forensic analysis revealed that spyware samples communicated with servers hosted in Serbia, with one sample configured to connect directly to an IP address range associated with the agency.
Configuration data is even linked back to a specific BIA employee who was previously involved in procuring spyware.

The surveillance occurs against a backdrop of increasing state repression in Serbia. Since 2021, the country has experienced multiple waves of anti-government protests, each met with increasingly harsh governmental responses. Following protests against lithium mining and EU agreements in July and August 2024, authorities escalated their crackdown on civil society.
Cellebrite, the company behind the forensic tools used, claims its technology is strictly for lawful investigations. However, Amnesty International argues that the company has to prevent its tools from being misused to violate human rights.
“Our digital investigative software solutions do not install malware nor do they perform real-time surveillance consistent with spyware or any other type of offensive cyber security,” the cyber security company told Amnesty International. “We are investigating the claims made in this report. Should they be validated, we are prepared to impose appropriate sanctions, including termination of Cellebrite’s relationship with any relevant agencies.”
The implications extend far beyond Serbia. This case study demonstrates how advanced surveillance technologies can be weaponised against civil society, chilling free expression and undermining fundamental democratic freedoms.
Amnesty International calls for immediate action: Serbia must halt its invasive surveillance practices, conduct independent investigations, and establish robust legal frameworks to prevent such rights violations. Tech companies like Cellebrite are urged to implement rigorous human rights due diligence to prevent their technologies from becoming instruments of oppression.