Pegasus Spyware: NSO Group's Commercial Tool Used Against Journalists and Dissidents

NSO Group's Pegasus spyware, sold to governments as a lawful interception tool, was found on the phones of 180 journalists, 600 politicians, and 85 human rights activists across 45 countries — including journalists later murdered.

NSO Group / Global Governments · 2021 · 2 min read

Background

NSO Group, an Israeli cybersecurity company, sells Pegasus exclusively to governments, claiming it is used only against criminals and terrorists. The Pegasus Project — a consortium of 17 media outlets — obtained a leaked list of 50,000 phone numbers reportedly selected as potential surveillance targets.

The Attack

Pegasus is a spyware platform delivered through zero-click, zero-day exploits. Once installed, it can extract messages, emails, photos, contacts, and location history, and it can remotely activate the microphone and camera. Installation required no user interaction: it exploited vulnerabilities in iMessage, FaceTime, WhatsApp, and other apps that could be triggered simply by receiving a specially crafted message. The Pegasus Project identified the phones of journalists at Le Monde, Reuters, AFP, the Wall Street Journal, and the Financial Times as potential targets. Saudi dissident journalist Jamal Khashoggi's contacts were on the list; he was murdered at the Saudi consulate in Istanbul in 2018.

Response

Apple issued emergency patches for the zero-click vulnerabilities (CVE-2021-30860, "FORCEDENTRY"). Apple sued NSO Group. The US Commerce Department blacklisted NSO Group. Several EU parliaments launched investigations. Apple began sending threat notifications to potential Pegasus targets.

Outcome

NSO Group faced legal, financial, and reputational collapse following the Pegasus Project revelations. The company was blacklisted by the US, lost multiple government customers, and came to be valued at far less than it had been in 2019. The case raised fundamental questions about the regulation of commercial surveillance technology.

Key Takeaways

  1. Zero-click exploits require no user action — keeping iOS and Android fully updated is the primary mitigation
  2. Commercial surveillance tools sold to governments are routinely used against civil society and journalists
  3. Apple threat notifications to potential Pegasus targets mean users should take any Apple security notification seriously
  4. Enabling Lockdown Mode on iPhone significantly reduces the attack surface for commercial spyware