{
	"id": "27f4ccbf-700f-4b5b-8df0-e94fcc2525cf",
	"created_at": "2026-04-06T00:10:27.424293Z",
	"updated_at": "2026-04-10T13:11:29.565168Z",
	"deleted_at": null,
	"sha1_hash": "5e179adbf016ff5e9d6c5a08f3817e470abe6a42",
	"title": "UK activists targeted with Pegasus spyware ask police to charge NSO Group",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 148068,
	"plain_text": "UK activists targeted with Pegasus spyware ask police to charge\r\nNSO Group\r\nBy Connor Jones\r\nPublished: 2024-09-19 · Archived: 2026-04-05 21:50:16 UTC\r\nFour UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London's\r\nMetropolitan Police they hope will lead to charges against Pegasus peddler NSO Group.\r\nThe activists, who say their comms were snooped on by the autocratic states, assembled their complaint with the\r\nhelp of Global Legal Action Network (GLAN), a non-governmental organization bringing the case to the Met on\r\ntheir behalf. They accuse NSO, along with a selection of its key associates, of being behind alleged spyware\r\ninfections dating back to 2018.\r\nAnas Altikriti, founder and CEO at the Cordoba Foundation; journalist Azzam Tamimi; Mohammed Kozbar,\r\nchairman at the Finsbury Park Mosque; and Bahraini activist Yusuf Al Jamri all claim the group violated the\r\nComputer Misuse Act 1990 (CMA) and National Security Act 2023 (NSA) by allegedly allowing the leaders of\r\nthe UAE, Saudi Arabia, and Bahrain to compromise their phones using Pegasus spyware.\r\nKozbar and Tamimi claim their devices were infected with Pegasus in 2018. A year later, NSO Group was bought\r\nby now-liquidated London-based private equity firm Novalpina Capital. After that, Al Jamri and Altikriti claim\r\ntheir devices were also infected.\r\nThe Kingdom of Saudi Arabia (KSA), the United Arab Emirates (UAE), and the Kingdom of Bahrain are all\r\nalleged to have purchased Pegasus from NSO Group and carried out the spyware attacks on the alleged victims.\r\nGLAN claimed the alleged victims were all probably targets of these states.\r\nAltikriti and Kozbar are known UAE critics, Tamimi too is a critic of the KSA, and Al Jamri works to highlight\r\nhuman rights abuses in Bahrain – a country where he was persecuted and the reason he sought asylum in the UK.\r\nThe complaint accuses Q Cyber Technologies, its subsidiary NSO Group and its board members, and private\r\nequity firm Novalpina Capital of violating the CMA and NSA.\r\nThe complainants claim the use of Pegasus against targets inside the UK has threatened the country's sovereignty\r\nand security – citing alleged attacks within the UK government's networks, as well as an alleged attack, widely\r\nreported at the time, on House of Lords member Fiona Shackleton, when she was acting as the legal representative\r\nof Princess Haya of Dubai.\r\nThe UK government has not taken any legal action against the spyware maker, the complaint notes.\r\nThe group pointed to legal actions around the world against NSO, including by Apple, WhatsApp, and Facebook.\r\nApple recently reportedly dropped its claims against the Israeli company. When its suit was filed in the US, in\r\nhttps://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/\r\nPage 1 of 3\n\n2021, Craig Federighi, Apple's senior vice president of software engineering said:\r\n\"Apple devices are the most secure consumer hardware on the market – but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small\r\nnumber of our customers, we take any attack on our users very seriously, and we're constantly working to\r\nstrengthen the security and privacy protections in iOS to keep all our users safe.\"\r\nHowever, the Washington Post reported on Friday that Cupertino was dropping its suit.\r\nApple maintains its claims are still valid but is said to believe that by going to trial, critical threat intelligence\r\nwould come to light that may lead the growing commercial spyware ecosystem to develop workarounds for anti-spyware protections\r\nAccording to the complaint, both Altikriti and Al Jamri were confirmed by third-party experts at Amnesty\r\nInternational and the University of Toronto's Citizen Lab – both of which are prominent opponents of spyware – to\r\nhave been infected with Pegasus.\r\nAltikriti's Cordoba Foundation has caused so much of a stir in the UAE that it was designated a terrorist\r\norganization in 2014. He believes he became a person of interest over suspected links to those tried in what has\r\ncome to be known as the UAE 94 mass trial labeled by Amnesty International as \"grossly unfair.\"\r\nAnas Altikriti, founder and CEO at the Cordoba Foundation\r\n\"This is an episode of serious breaches to personal as well as to public safety and security,\" claimed Altikriti. \"The\r\nfact that technological developments are now being used to breach what was only recently regarded as sacrosanct,\r\nfor the benefit of persecuting political activists, must be of great concern to everyone.\"\r\nPredator spyware kingpins added to US sanctions list\r\nPredator spyware updated with dangerous new features, also now harder to track\r\nHouthi rebels are operating their own GuardZoo spyware\r\nPolish officials may face criminal charges in Pegasus spyware probe\r\nBorn and raised in Bahrain, activist Al Jamri has been a person of interest in his homeland since 1997, at the age\r\nof 16. Two decades and various arrests later, he was allegedly detained and tortured by Bahraini authorities three\r\ntimes, during which it is claimed he was subjected to interrogations, beatings, and faced threats of sexual violence\r\nboth to himself and his family members.\r\nhttps://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/\r\nPage 2 of 3\n\nYusuf Al Jamri, UK-based Bahraini political activist\r\nAl Jamri claims the same security agents who tortured him in Bahrain allegedly successfully attacked his phone\r\non British soil. All of the allegations relate to Pegasus spyware infections and attacks that are alleged to have\r\ntaken place in the UK itself.\r\nThe Reg contacted the accused where possible (Novalpina Capital was liquidated in 2021), but only NSO Group\r\nresponded.\r\n\"Due to regulatory constraints, we cannot confirm or deny any alleged specific customers,\" said Gil Lainer, vice\r\npresident for global communications at NSO Group.\r\n\"NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law\r\nenforcement agencies. Our customers use these technologies daily, as Pegasus continues to play a crucial role in\r\nthwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.\r\n\"NSO has initiated and implemented the industry's leading compliance and human rights program, which protects\r\nagainst misuse by government entities and investigates all credible claims of misuse. A number of the\r\ninvestigations conducted by NSO resulted in the suspension of accounts and, in some cases, termination of\r\ncustomer relationships (for more information, see our 2023 Transparency and Responsibility Report).\" ®\r\nSource: https://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/\r\nhttps://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/"
	],
	"report_names": [
		"pegasus_spyware_met_police_complaint"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434227,
	"ts_updated_at": 1775826689,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5e179adbf016ff5e9d6c5a08f3817e470abe6a42.pdf",
		"text": "https://archive.orkl.eu/5e179adbf016ff5e9d6c5a08f3817e470abe6a42.txt",
		"img": "https://archive.orkl.eu/5e179adbf016ff5e9d6c5a08f3817e470abe6a42.jpg"
	}
}