The NSO Group’s Pegasus spyware targeted victims in 45 countries

• Between 2016 and 2018, the Pegasus spyware was deployed across 45 countries.
• Experts believe that at least 10 Pegasus operators are likely “actively-engaged” in cross-border surveillance.

Pegasus is believed to be one of the most intrusive and prolific spyware variants to have ever emerged. It is the brainchild of the Israeli surveillance products vendors - the NSO Group.

According to researchers at Citizen Lab, who have been tracking Pegasus’ activities over the past few years, the spyware has been and continues to be used by authoritative governments with a murky human rights policies.

“Our findings paint a bleak picture of the human rights risks of NSO’s global proliferation,” Citizen Lab researchers said in a new report. At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.”

How Pegasus infects targets

Pegasus is installed onto targeted devices by tricking victims into clicking on an exploit link. When clicked, this exploit drops a chain of zero-day exploits that invade the targeted device’s security features and installs Pegasus. Once the spyware is installed, it connects to its C2 server to receive and execute the spyware operator’s commands.

The Pegasus spyware is capable of targeting both Android and iOS devices. It can also steal victims’ personal data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps, and sends all this to the C2 server.

“While some NSO customers may be using Pegasus spyware as part of ‘lawful’ criminal or national security investigations, at least six countries with significant Pegasus operations have a public history of abusing spyware to target civil society,” Citizen Lab reported.

Pegasus targets

Previously, Pegasus has been used by several authoritative governments to spy on journalists, dissidents, activists, lawyers, and political opponents, among others. However, Citizen Lab’s new report indicates that Pegasus is currently being operated by around 36 different groups and is targeting victims in countries such as the US, the UK, France, Canada, Switzerland, Brazil, India, Pakistan, Bangladesh, Saudi Arabia, and Egypt, among others.

“Ten Pegasus operators appear to be conducting surveillance in multiple countries. While we have observed prior cases of cross-border targeting, this investigation suggests that cross-border targeting and/or monitoring is a relatively common practice,” Citizen Lab said. “The scope of this activity suggests that government-exclusive spyware is widely used to conduct activities that may be illegal in the countries where the targets are located.”

NSO Group denies breaking software export laws

In response to the Citizen Lab report, the NSO Group issued a statement denying that its products are used to unlawfully spy on people. The Israeli firm also claimed that it does not sell its products to some of the countries mentioned in Citizen Lab’s recent report.

“There are multiple problems with Citizen Lab’s latest report. Most significantly, the list of countries in which NSO is alleged to sell or where our customers presumably operate the products is simply inaccurate,” NSO Group said in a statement. “NSO does not sell its products in many of the countries listed. The product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside of approved countries. As an example, the product is specifically designed to not operate in the USA.”