ConspiracyTheory.net
Confirmed 🕵️ Espionage

Pegasus Spyware — NSO Group State Surveillance Tool

Origin: 2016 · Israel · Updated Mar 5, 2026
Pegasus Spyware — NSO Group State Surveillance Tool (2016) — President Donald Trump participates in a bilateral meeting with Crown Prince and Prime Minister Mohammed bin Salman Al Saud of Saudi Arabia, Tuesday, November 18, 2025, in the Oval Office. (Official White House Photo by Daniel Torok)

Overview

Pegasus is a sophisticated spyware tool developed by the NSO Group, an Israeli cyber-intelligence firm founded in 2010. Marketed exclusively to government clients for stated purposes of counterterrorism and criminal investigations, Pegasus was revealed through multiple independent investigations to have been widely deployed against journalists, human rights defenders, political dissidents, lawyers, and heads of state. The revelations confirmed that governments around the world were using commercially available surveillance technology to target individuals who posed no security threat but were politically inconvenient.

The Pegasus scandal represents a confirmed conspiracy in which a private company sold surveillance capabilities that rival those of the world’s most advanced intelligence agencies to authoritarian and semi-authoritarian governments, with knowledge that the tools were being used to suppress dissent, intimidate journalists, and facilitate human rights abuses. The case demonstrated that the global surveillance apparatus extends far beyond the traditional capabilities of signals intelligence agencies like the NSA or GCHQ, into a commercial marketplace where any government with sufficient funds can acquire the ability to invisibly compromise any smartphone on earth.

The full scope of Pegasus deployment was revealed in July 2021 through the Pegasus Project, a collaborative investigation involving Amnesty International’s Security Lab, the University of Toronto’s Citizen Lab, and a consortium of seventeen media organizations coordinated by the Paris-based nonprofit Forbidden Stories.

Origins & History

NSO Group was founded in 2010 by Niv Carmi, Shalev Hulio, and Omri Lavie, drawing heavily on personnel trained in Unit 8200, the Israeli military’s signals intelligence unit (Israel’s equivalent of the NSA). The company’s name derives from the founders’ initials. From its inception, NSO marketed Pegasus as a tool to help governments combat terrorism and serious crime, claiming the technology was sold under strict licensing agreements that prohibited its use against journalists and activists.

The first public evidence of Pegasus deployment emerged in August 2016, when Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, received suspicious text messages containing links. Rather than clicking them, Mansoor forwarded the messages to Citizen Lab, a digital security research group at the University of Toronto. Citizen Lab’s analysis, conducted in collaboration with the security firm Lookout, revealed an extraordinarily sophisticated attack that exploited three previously unknown vulnerabilities (zero-day exploits) in Apple’s iOS operating system to achieve complete remote compromise of an iPhone.

Apple issued emergency security patches in response, but the discovery was only the beginning. Over the following years, Citizen Lab and Amnesty International’s Security Lab documented Pegasus infections targeting individuals in Mexico, Saudi Arabia, the UAE, Morocco, Rwanda, India, Hungary, Poland, and dozens of other countries. The targets included not only political dissidents but also journalists investigating corruption, lawyers representing government critics, and even heads of state.

By 2019, NSO Group’s capabilities had advanced to include “zero-click” exploits that required no action whatsoever from the target. A vulnerability in WhatsApp, discovered in May 2019, allowed Pegasus to be installed through a phone call to the target’s device — a call that did not even need to be answered. WhatsApp’s parent company, Facebook (now Meta), subsequently sued NSO Group in U.S. federal court.

Key Claims

  • NSO Group knowingly sold Pegasus to governments that used it to target journalists, activists, and political opponents rather than terrorists or criminals
  • The Israeli government exercised oversight of NSO Group’s export licenses and used Pegasus sales as a diplomatic tool to strengthen relationships with governments including Saudi Arabia, the UAE, and Morocco
  • Pegasus was used to surveil individuals connected to Jamal Khashoggi before his murder at the Saudi consulate in Istanbul in October 2018
  • The spyware was deployed against at least 180 journalists, 600 politicians, 85 human rights activists, and 65 business executives in more than 50 countries
  • A leaked list of 50,000 phone numbers represented potential targets selected by NSO Group clients
  • Multiple European Union governments, including Hungary and Poland, used Pegasus against domestic political opponents and journalists
  • NSO Group’s claims of internal safeguards and human rights due diligence were performative rather than genuine

Evidence

The Pegasus Project (2021): In July 2021, Forbidden Stories and Amnesty International obtained a leaked list of more than 50,000 phone numbers that had been selected as potential surveillance targets by NSO Group clients. A consortium of seventeen news organizations, including The Washington Post, The Guardian, Le Monde, and Suddeutsche Zeitung, analyzed the list and identified hundreds of journalists, politicians, and activists whose numbers appeared. Amnesty International’s Security Lab forensically examined 67 smartphones belonging to individuals on the list and found evidence of Pegasus infection or attempted infection on 37 of them.

Citizen Lab Research: Since 2016, Citizen Lab has published dozens of peer-reviewed reports documenting Pegasus deployment. Their research identified specific operators in multiple countries and traced attack infrastructure to government clients. In 2018, Citizen Lab reported that Pegasus operators were active in 45 countries, with at least ten operators engaged in cross-border surveillance.

WhatsApp Lawsuit: In October 2019, WhatsApp (owned by Meta) filed a lawsuit against NSO Group in the U.S. District Court for the Northern District of California. WhatsApp stated that NSO Group had exploited a vulnerability in its calling feature to deliver Pegasus to approximately 1,400 users’ devices over a two-week period in April-May 2019. The targets included journalists, human rights workers, political dissidents, diplomats, and senior foreign government officials.

Apple Lawsuit: In November 2021, Apple filed its own lawsuit against NSO Group, seeking to permanently prevent the company from using Apple products, services, or devices. Apple’s security team had discovered a zero-click exploit chain dubbed “FORCEDENTRY” that NSO Group had used to deploy Pegasus through iMessage.

Government Investigations: The European Parliament established a formal committee of inquiry (the PEGA Committee) in 2022 to investigate the use of Pegasus and equivalent spyware within EU member states. The committee found evidence of Pegasus use by the governments of Hungary, Poland, Spain, and Greece against journalists, opposition politicians, and lawyers.

Debunking / Verification

This conspiracy is classified as confirmed. The deployment of Pegasus against journalists and activists has been verified through:

  • Forensic analysis by Amnesty International’s Security Lab and Citizen Lab using internationally recognized digital forensic methodologies
  • Lawsuits by WhatsApp/Meta and Apple against NSO Group
  • The European Parliament’s PEGA Committee findings
  • Israeli government records showing export license approvals for NSO Group
  • NSO Group’s own partial admissions (the company acknowledged selling to governments but denied responsibility for how clients used the technology)
  • The U.S. Department of Commerce’s placement of NSO Group on its Entity List in November 2021, restricting American companies from selling technology to NSO

NSO Group’s defense — that it only sells to governments and cannot control how the technology is used — was undermined by evidence that the company was aware of abuses and continued selling to known violators, and that its claimed human rights review process was inadequate.

Cultural Impact

The Pegasus revelations fundamentally altered global understanding of digital surveillance capabilities. The scandal demonstrated that surveillance previously associated only with superpower intelligence agencies was now commercially available to any government willing to pay, at a cost estimated at $500,000 per target for an initial infection and $25,000 per additional target.

The case had immediate diplomatic consequences. Relations between France and Morocco were strained after reports that Moroccan intelligence had selected French President Emmanuel Macron’s phone number as a potential target. India faced intense domestic debate after opposition politicians and journalists were identified as targets. Hungary’s use of Pegasus against investigative journalists contributed to growing concerns about democratic backsliding within the European Union.

The Pegasus affair also accelerated the development of digital security tools and practices. Apple introduced “Lockdown Mode” in iOS 16, specifically designed to protect high-risk users from sophisticated spyware. WhatsApp and Signal strengthened their encryption protocols. Civil society organizations expanded digital security training for journalists and activists.

The case raised fundamental questions about the regulation of the commercial surveillance industry, the responsibility of democratic governments that both use and profit from surveillance technology, and the adequacy of existing international law to address state-sponsored digital espionage.

Timeline

  • 2010 — NSO Group founded in Herzliya, Israel
  • August 2016 — Citizen Lab and Lookout expose Pegasus after UAE activist Ahmed Mansoor forwards suspicious messages
  • 2017 — Mexican journalists and activists revealed as Pegasus targets; Mexican government accused of deployment
  • September 2018 — Citizen Lab identifies Pegasus operators active in 45 countries
  • October 2018 — Jamal Khashoggi murdered at Saudi consulate in Istanbul; associates’ phones found infected with Pegasus
  • May 2019 — WhatsApp discovers Pegasus vulnerability exploiting its calling feature; 1,400 users targeted
  • October 2019 — WhatsApp/Meta sues NSO Group in U.S. federal court
  • July 2021 — Pegasus Project consortium publishes findings based on leaked list of 50,000 phone numbers
  • November 2021 — U.S. Commerce Department places NSO Group on Entity List
  • November 2021 — Apple files lawsuit against NSO Group
  • March 2022 — European Parliament establishes PEGA Committee to investigate Pegasus use in EU
  • 2023 — Polish government confirms predecessor administration used Pegasus against political opponents
  • 2024 — Multiple courts advance lawsuits against NSO Group; company faces potential financial collapse

Sources & Further Reading

  • Marczak, Bill, et al. “The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil.” Citizen Lab, University of Toronto, 2018.
  • Amnesty International. “Forensic Methodology Report: How to Catch NSO Group’s Pegasus.” July 2021.
  • Forbidden Stories and media consortium. “The Pegasus Project.” Coordinated investigation, July 2021.
  • Priest, Dana, Craig Timberg, and Souad Mekhennet. “Private Israeli Spyware Used to Hack Cellphones of Journalists, Activists Worldwide.” The Washington Post, July 18, 2021.
  • European Parliament. PEGA Committee of Inquiry Final Report, 2023.
  • Perlroth, Nicole. This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. Bloomsbury, 2021.
Chairman of the Majlis ash-Shura (Consultative Assembly) of Saudi Arabia Abdullah ibn Muhammad Al ash-Sheikh in the Polish Senate — related to Pegasus Spyware — NSO Group State Surveillance Tool

Frequently Asked Questions

What is Pegasus spyware and how does it work?
Pegasus is military-grade spyware developed by the Israeli company NSO Group. Once installed on a target's smartphone, Pegasus can extract text messages, emails, photos, contacts, and location data. It can also silently activate the phone's microphone and camera. Early versions required the target to click a malicious link, but later versions use 'zero-click' exploits that can compromise a device without any user interaction — including through invisible iMessage or WhatsApp messages that the target never sees.
Was Pegasus used to spy on journalists?
Yes. Investigations by Amnesty International, Citizen Lab at the University of Toronto, and a consortium of media organizations (the Pegasus Project, coordinated by Forbidden Stories) confirmed that Pegasus was used to target the phones of journalists, human rights activists, lawyers, and political opposition figures in more than 50 countries. Targets included journalists at Al Jazeera, the New York Times, the Associated Press, Le Monde, and the Financial Times, among many others.
Was Pegasus linked to the murder of Jamal Khashoggi?
Investigations found that Pegasus was used to surveil individuals in Jamal Khashoggi's inner circle before his murder at the Saudi consulate in Istanbul on October 2, 2018. Citizen Lab confirmed that Khashoggi's colleague Omar Abdulaziz had his phone compromised by Pegasus, likely by Saudi Arabia. Khashoggi's fiancee Hatice Cengiz's phone was also reportedly infected. While NSO Group denied that Pegasus was used directly on Khashoggi's devices, the surveillance of his associates is believed to have provided intelligence that facilitated his assassination.
Pegasus Spyware — NSO Group State Surveillance Tool — Conspiracy Theory Timeline 2016, Israel

Infographic

Share this visual summary. Right-click to save.

Pegasus Spyware — NSO Group State Surveillance Tool — visual timeline and key facts infographic