The controversial spyware Pegasus and its operator, the Israeli NSO Group, is once again in the news. Last week, in documents filed in a judgment between NSO and WhatsApp, they admitted that any of their clients can target anyone with their spyware, including government or military officials because their jobs are inherently legitimate intelligence targets.
NSO has in the past been very circumspect about who is infected with their spyware, which uses so-called “zero-click” methods meaning that a potential target doesn’t have to click on anything to activate the software. It can access call and message logs, remotely enable the camera and microphone and track the phone’s location, all without any notification to the phone’s owner.
The company has clients around the world, and Pegasus has been deployed in Hungary, the United Arab Emirates, Saudi Arabia, Thailand, Poland, El Salvador and Mexico. Last fall, the security researchers at The Citizen Lab and Access Now discovered Pegasus on seven phones belonging to Russian and Belarusian journalists and activists critical of Russia’s Ukraine invasion. These individuals have been targets of other surveillance methods and physical threats, although the precise nation state source of them isn’t clear.