An Israeli-created spyware called Pegasus has been found on a device targeting Downing Streets' network.
The cyber security breach may have allowed 24-hour surveillance of calls, messages and photos from phones linked to the Foreign Office at least five times between July 2020 and June 2021.
An investigative journalist at the New Yorker magazine revealed multiple phones were investigated at Number 10, including Boris Johnson's.
The spyware is connected to a United Arab Emirates operator and the breach to the PM's device is thought to have occurred on 7 July 2020.
Prime Minister Boris Johnson's Downing Street phone was tested
Victoria Jones
National Cyber Security Centre officials however were unable to find the infected device after testing several phones and the damage to data could not be determined.
Israeli cyber firm NSO Group developed Pegasus
Amir Cohen
John Scott-Railton, a senior researcher at the Citizen Lab centre at the University of Toronto, told the New Yorker: "When we found the No10 case, my jaw dropped."
He alleged the UK Government was "spectacularly burned" after "underestimating the threat from Pegasus."
Citizen Lab's director, Ron Deibert, wrote on their website the nature of the Foreign Office having overseas staff meant the suspected breaches could have related to "devices located abroad and using foreign SIM cards."
Mr Deibert said it was "similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021."
Israeli company NSO Group are the developers of Pegasus, which can infect billions of phones running with either iOS or Android operating systems.
It could possibly be used to determine a person's current and previous location and who they might have been with.
The spyware even has the capability to secretly film a person through a device's camera and activate the microphone to record conversations.
Bill Marczak, another senior Citizen Lab researcher, said the researchers suspected the Downing Street hack "included the exfiltration of data."