Pegasus Spyware
NSO Group's Pegasus spyware can silently compromise any smartphone through zero-click exploits. A leaked list of 50,000+ targeted phone numbers included journalists, activists, and heads of state across dozens of countries.
A private Israeli company built spyware that can silently take over any smartphone on earth — read every message, listen to every call, activate the camera. Then it sold this capability to governments including Saudi Arabia, which used it to track journalist Jamal Khashoggi's associates before he was murdered and dismembered in a Saudi consulate.
Overview
Pegasus is military-grade spyware developed by the Israeli company NSO Group that can be covertly installed on smartphones running iOS and Android. Once installed, it can extract messages, emails, and photos, record calls, and silently activate cameras and microphones. Advanced versions use "zero-click" exploits that require no user interaction — the phone can be compromised simply by receiving an invisible iMessage.
In July 2021, the Pegasus Project — a collaboration of 17 media organizations coordinated by Forbidden Stories and supported by Amnesty International's Security Lab — revealed that a leaked list of over 50,000 phone numbers had been selected for potential surveillance by NSO Group's government clients. Forensic analysis confirmed Pegasus infections on dozens of phones examined.
Targets included journalists investigating government corruption (including associates of murdered Saudi journalist Jamal Khashoggi), human rights activists, opposition politicians, and at least 14 heads of state. Client governments included Saudi Arabia, UAE, Morocco, Mexico, India, and Hungary, among others.
The US Commerce Department placed NSO Group on its Entity List in November 2021, restricting American companies from doing business with it. Apple filed a lawsuit against NSO Group. The EU Parliament established a committee of inquiry (PEGA Committee) that recommended member states impose a moratorium on the use of Pegasus-type spyware.
Timeline
First Detection
Citizen Lab at the University of Toronto discovers Pegasus being used against UAE human rights activist Ahmed Mansoor.
Citizen Lab report
Khashoggi Connection
Jamal Khashoggi murdered in Saudi consulate. Investigation reveals associates' phones were infected with Pegasus.
Citizen Lab analysis, UN investigation
Pegasus Project Published
17 media organizations reveal leaked list of 50,000+ targeted phone numbers from NSO Group clients.
Forbidden Stories consortium
US Blacklists NSO Group
Commerce Department adds NSO Group to Entity List for activities 'contrary to US national security.'
Commerce Department Entity List
Apple Sues NSO Group
Apple files lawsuit against NSO Group seeking to ban the company from using Apple products and services.
Apple Inc. v. NSO Group filing
Key Players
Shalev Hulio
Co-founded NSO Group in 2010. Claims Pegasus is sold only to vetted governments for lawful surveillance.
Ahmed Mansoor
Emirati human rights defender whose phone led to the first public discovery of Pegasus in 2016. Currently imprisoned in the UAE.
Bill Marczak
Senior researcher at Citizen Lab who has led technical investigations into Pegasus infections worldwide.
Zero-Click Exploits
Early versions of Pegasus required the target to click a malicious link. By 2019, NSO Group had developed zero-click exploits that could compromise a phone with no user interaction. The most notable was FORCEDENTRY, which exploited a vulnerability in Apple's iMessage to silently install Pegasus.
Citizen Lab's forensic analysis showed that targets' phones could be infected simply by receiving an invisible iMessage — no notification appeared, no user action was needed, and the infection left minimal forensic traces. Apple patched the vulnerability after Citizen Lab's disclosure, but NSO Group is believed to continuously develop new exploits.
The sophistication of these exploits demonstrates nation-state-level capabilities being sold commercially, effectively putting the surveillance power of intelligence agencies in the hands of any government willing to pay.
The Khashoggi Connection
The connection between Pegasus and the murder of journalist Jamal Khashoggi is among the most disturbing documented use cases. Khashoggi, a Washington Post columnist critical of Saudi Crown Prince Mohammed bin Salman, was murdered and dismembered inside the Saudi consulate in Istanbul on October 2, 2018.
Forensic analysis by Citizen Lab confirmed that phones belonging to people close to Khashoggi — including his fiancée and a close associate — had been infected with Pegasus by Saudi Arabia before the murder. The UN Special Rapporteur's investigation concluded that the surveillance likely contributed to the operation by providing intelligence on Khashoggi's movements and plans.
NSO Group has denied knowledge of or involvement in the murder. However, the company's own stated safeguards — that it only sells to "vetted governments" for "lawful" purposes — ring hollow when one of its most prominent clients used its technology in connection with the assassination of a journalist.
The Global Surveillance Market
Pegasus is the most well-known product in a growing commercial surveillance industry. Other companies including Candiru (also Israeli), Cytrox (North Macedonia), and Intellexa (EU-based) sell similar capabilities. The industry generates billions in revenue and operates in a regulatory gray zone.
The fundamental problem: these companies sell capabilities that were once exclusive to major intelligence agencies — the NSA, GCHQ, Mossad — to any government willing to pay. Countries without the technical capacity to develop their own surveillance tools can now purchase turnkey solutions that compromise encrypted communications, bypass security measures, and operate invisibly.
The EU PEGA Committee found that EU member states including Hungary, Poland, Spain, and Greece had used Pegasus against domestic political opponents, journalists, and activists. Hungary's use was particularly well-documented: the Orbán government targeted investigative journalists, opposition politicians, and even a photographer.
The Bottom Line
Pegasus demonstrates that the democratization of surveillance technology is one of the most significant threats to press freedom, political opposition, and human rights worldwide. The technology exists, it works, and the regulatory frameworks to control it do not.
Primary Sources (5 cited)
Citizen Lab Technical Reports
University of Toronto Citizen Lab forensic analyses of Pegasus infections.
Pegasus Project Investigation
Forbidden Stories consortium investigation revealing 50,000+ targeted phone numbers.
Apple Inc. v. NSO Group
Apple's federal lawsuit against NSO Group.
EU PEGA Committee Report
European Parliament committee of inquiry into Pegasus spyware use in EU member states.
UN Special Rapporteur Khashoggi Report
UN investigation into the murder of Jamal Khashoggi and the role of surveillance technology.