{
	"id": "7a6b59bc-bd3d-46e0-90d5-acc6587c865d",
	"created_at": "2026-04-06T00:10:25.09864Z",
	"updated_at": "2026-04-10T03:30:57.084559Z",
	"deleted_at": null,
	"sha1_hash": "523db4b7a660870654d4e25d426e3704482758b2",
	"title": "Report: Civil society in Jordan under assault by NSO’s Pegasus spyware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 96332,
	"plain_text": "Report: Civil society in Jordan under assault by NSO’s Pegasus\r\nspyware\r\nBy Dina Temple-Raston\r\nPublished: 2024-02-01 · Archived: 2026-04-05 17:30:11 UTC\r\nAn investigation based on interviews, documents and forensic analysis reveals new evidence that the phones of\r\nsome three dozen journalists, human rights advocates and lawyers in Jordan were infected with Pegasus spyware.\r\nIn a report released Thursday, Access Now, a digital rights organization, joined forces with the Citizen Lab, a\r\ncybersecurity watchdog organization at the University of Toronto, to document a roster of Pegasus cases in\r\nJordan. The spyware is one of the most notorious hacking tools used by governments to slip into mobile devices\r\nand vacuum up their contents.\r\n“Our investigation unveils the widespread hacking,” the report said, “demonstrating the relentless nature of this\r\ntargeted surveillance campaign” in Jordan. While the report suggests the Jordan authorities are behind the\r\ncampaign, the authors stop short of saying so directly.\r\nCitizen Lab had previously reported that it had been able to confirm that two organizations in Jordan were Pegasus\r\nspyware customers. The first publicly confirmed case of the use of Pegasus in Jordan happened in early 2022,\r\nwhen a human rights lawyer named Hala Ahed revealed that forensic artifacts linked to the spyware was found on\r\nher phone.\r\n“Ahed’s device unsuccessfully targeted with Pegasus spyware for a second time on or around February 20, 2023,”\r\nthe Access Now report said. “The hacking attempt occurred amidst a broader campaign of harassment against\r\nher.”\r\n‘We’re proud of our truthfulness’\r\nDaoud Kuttab, an award winning Palestinian-American journalist based in Jordan, was also the subject of a\r\nPegasus spyware attack. He was a Ferris Professor of Journalism at Princeton University and is currently the\r\ndirector of the Community Media Network, an NGO that, among other things, runs a community radio station and\r\na news website in Jordan.\r\nThe Community Media Network is unusual in the region because it has earned a kind of Good Housekeeping seal\r\nof approval from Reporters Without Borders, which promotes and defends the freedom of expression around the\r\nworld. The group said the Community Media Network provides unbiased, trustworthy reporting.\r\n“We are proud of our truthfulness, our professionalism,” Kuttab told the Click Here podcast in a recent interview\r\nahead of the report’s release. He believes he was targeted by Pegasus spyware because he published some stories\r\nfrom the Pandora Papers, a mysterious leak of some 12 million financial documents that revealed where\r\nhttps://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware\r\nPage 1 of 4\n\ninfluential people around the world had stashed their money, including Russian President Vladimir Putin’s inner\r\ncircle and Jordan’s King Abdullah.\r\nKuttab said soon after his network published a piece on shell companies the King allegedly had set up to buy\r\nproperty in the U.S. and the United Kingdom, he got an angry text message from officials in the Jordanian General\r\nIntelligence Directorate. He said they wanted him to pull the story.\r\n“I told them that wouldn’t do any good because in today's world, you cannot keep bad news away,” Kuttab said in\r\nan interview. “The best way to deal with a bad story is to present your own story and try to hope that it will go\r\nviral.”\r\nEventually, after some back-and-forth, Kuttab did take the story down from his website. But a short time later, he\r\npublished his account of the entire episode in Foreign Policy Magazine. Not long after that, according to Kuttab,\r\nhe came to find out much later, his phone was infected with Pegasus spyware.\r\nThat was March 2022.\r\nAccording to the Access Now report, forensic analysis of his phone suggests Kuttab’s mobile device was then\r\ntargeted seven more times, unsuccessfully, until September 2023.\r\nZero-click exploits\r\nPeople targeted by Pegasus don’t have to click on anything to be infected. The software uses something called a\r\nzero-click exploit to crack into a device.\r\n“A zero-click exploit, you wouldn't see anything. You wouldn't get a text message or an email,” said John Scott-Railton, a researcher at the Citizen Lab. “Your phone would just be uninfected one minute and then a spy in your\r\npocket the next moment.”\r\nPegasus just finds some vulnerability on your device and takes advantage of it and it is so sophisticated The New\r\nYork Times Magazine dubbed it “the world’s most powerful cyberweapon.”\r\nScott-Railton agrees. “One minute, your phone is yours, filled with your private data. And the next minute, some\r\nautocrat, perhaps halfway around the world, is dumping your digital life out on the proverbial table,” he told Click\r\nHere before this latest report was published. “That's what's so scary about this technology.”\r\nNSO Group Technologies, the Israeli company that created Pegasus, says it only sells the tool to nation-states for\r\nnational security purposes. In fact, one of the spyware’s early adopters was Mexico. They used it to spy on the\r\ndrug cartels and to roll up drug lords. NSO declined an interview request for this article but it has said publicly\r\nthat anyone using their spyware on targets within civil society is doing so without their permission.\r\nScott-Railton said that it would be naive to create something like Pegasus and not expect it to be abused. “There's\r\nsomething about it, something about that temptation of total access to a person's innermost world on their phone\r\nthat just makes it really, really, really prone to abuse,” he said.\r\nHuman Rights Watch\r\nhttps://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware\r\nPage 2 of 4\n\nAmnesty Tech and Human Rights Watch discovered last year that the personal mobile devices belonging to two of\r\nits Jordan-based staff were targeted with Pegasus as well. Adam Coogle, a deputy director with HRW’s Middle\r\nEast and North Africa division was hacked with Pegasus through a zero-click attack.\r\nAccording to the Access Now report, the attack occurred exactly two weeks after HRW published a report on the\r\nincreasing government repression in Jordan. “We have typically had a relatively adversarial relationship with the\r\nauthorities, which isn't surprising given the fact that we report on their human rights abuses,” Coogle told Click\r\nHere in an interview. “Because of that… I’m not terribly surprised that we, or our staff, would be targeted.”\r\nEven so, Coogle said that learning he’d been hacked changed his mindset. While he hasn’t confirmed the\r\nJordanian government was behind it, he said the whole experience rattled him. “The idea that you are on their\r\nradar, you’re being directly targeted by a security apparatus of a country is a little bit… unnerving,” he said. “And\r\nthen you start to think about what was on my phone, what could they have potentially gained access to, ad that's a\r\nconversation that goes on in your head for a long time.”\r\nIn the conclusion of its report, Access Now called on the Jordanian government to investigate the allegations of\r\nspyware abuse. “We urge all world governments, including Jordan’s, to halt the use of Pegasus spyware, and\r\nimplement an immediate moratorium on the export, sale, transfer, servicing, and use of targeted digital\r\nsurveillance technologies,” it reads. “Until rigorous human rights safeguards are put in place to regulate such\r\npractices.”\r\nThe Jordanian government had not responded to the allegations in the report by press time. Recorded Future News\r\nhas reached out to them for comment.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware\r\nPage 3 of 4\n\nDina Temple-Raston\r\nis the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future\r\nNews. She previously served on NPR’s Investigations team focusing on breaking news stories and national\r\nsecurity, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were\r\nYou Thinking.”\r\nSource: https://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware\r\nhttps://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/civil-society-in-jordan-targeted-with-pegasus-spyware"
	],
	"report_names": [
		"civil-society-in-jordan-targeted-with-pegasus-spyware"
	],
	"threat_actors": [
		{
			"id": "f9806b99-e392-46f1-9c13-885e376b239f",
			"created_at": "2023-01-06T13:46:39.431871Z",
			"updated_at": "2026-04-10T02:00:03.325163Z",
			"deleted_at": null,
			"main_name": "Watchdog",
			"aliases": [
				"Thief Libra"
			],
			"source_name": "MISPGALAXY:Watchdog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434225,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/523db4b7a660870654d4e25d426e3704482758b2.pdf",
		"text": "https://archive.orkl.eu/523db4b7a660870654d4e25d426e3704482758b2.txt",
		"img": "https://archive.orkl.eu/523db4b7a660870654d4e25d426e3704482758b2.jpg"
	}
}