A forensic analysis of dozens of smartphones belonging to journalists and activists around the world discovered spyware created by NSO Group.

Pegasus spyware was created by an Israeli spyware firm to track terrorist organizations and global criminal cartels.

An investigation published on Sunday spearheaded by multiple media outlets and news organizations has discovered that Pegasus spyware has been used to monitor journalists and activists around the world.

A group of more than a dozen media outlets from around the world teamed up for a comprehensive report that looks at how the Pegasus spyware created by the Israeli firm, NSO Group, was used to hack into phones belonging to reporters, business executives, and human rights activists.

The investigation discovered the spyware on a phone belonging to Hatice Cengiz, the fiancée of Jamal Khashoggi, a journalist assassinated in 2018 by the Saudi Arabian government for his work. The report also found that Khashoggi’s wife, Hanan Elatr, was a target of the spyware, but researchers were unable to confirm whether her phone had been infected.

A forensic analysis conducted found the spyware was used in hacking attempts on 37 smartphones belonging to journalists and activists. The numbers belonging to these phones were discovered on a list leaked to the human rights organization Amnesty International and the Paris-based news nonprofit Hidden Stories.

This leaked list contained more than 50,000 phone numbers based in countries that regularly engage in civilian surveillance and are known to be clients of the NSO Group. The forensic analysis was conducted by ​​Amnesty’s Security Lab.

NSO Group’s Pegasus spyware is a fairly sophisticated technology. A target is text messaged a link and is convinced to click it. With a single tap on that malicious link, the spyware is installed on the target’s phone. From there, the attacker has limitless access to their target’s device — from emails and text messages stored there to the ability to activate the camera or microphone. The spyware then transmits the data from the hacked phone to the attacker.

Most alarming is that the Pegasus spyware has become even more advanced over time and can now be installed without any interaction from the target. Through a “zero-click” attack, an attacker can simply target a phone with the spyware without relying on the target to do anything, thanks to security exploits found in mobile operating systems.



The NSO Group is denying the allegations uncovered in the report, saying it had conducted its own investigation and found the claims to be false. The firm said that it does not operate the spyware for its customers and would have no access to any data obtained through its software. NSO Group said it would shut down a customer’s access to Pegasus if it had discovered misuse.

The Israeli spyware firm is considering a defamation lawsuit over the investigation.

However, this isn’t the first time the NSO Group’s spyware was found to be surveilling journalists and activists. In 2019, WhatsApp sued the firm. The popular messaging app claimed that NSO Group’s Pegasus was used to hack more than 1,000 of its users, including Rwandan dissidents and Indian journalists.

Following that, a Citizen Lab investigation found that dozens of Al Jazeera journalists and employees were hacked using NSO Group’s Pegasus spyware in 2020.

©