{
	"id": "21f11811-10a6-45a2-90da-44437be3a4b1",
	"created_at": "2026-04-06T00:06:41.231625Z",
	"updated_at": "2026-04-10T03:21:52.849194Z",
	"deleted_at": null,
	"sha1_hash": "d002b037ad02ef542e2e21769dce5c16eef3cf68",
	"title": "Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1130973,
	"plain_text": "Saudis behind NSO spyware attack on Jamal Khashoggi’s family,\r\nleak suggests\r\nBy Stephanie Kirchgaessner\r\nPublished: 2021-07-18 · Archived: 2026-04-05 22:22:43 UTC\r\nIn the wake of the brutal murder of the journalist Jamal Khashoggi, the NSO Group emphatically denied that its\r\ngovernment clients had used its hacking malware to target the journalist or his family.\r\n“I can tell you very clear. We had nothing to do with this horrible murder,” Shalev Hulio, the chief executive of\r\nthe Israeli surveillance firm, told the US TV news programme 60 Minutes in March 2019. It was six months after\r\nKhashoggi, a Washington Post columnist, was killed in Turkey by assassins dispatched by Saudi Arabia, a client\r\nof NSO.\r\nNow a joint investigation by the Guardian and other media, based on leaked data and forensic analysis of phones,\r\nhas uncovered new evidence that the company’s spyware was used to try and monitor people close to Khashoggi\r\nboth before and after his death.\r\nIn one case, a person in Khashoggi’s inner circle was hacked four days after his murder, according to peer-reviewed forensic analysis of her device.\r\nThe investigation points to an apparent attempt by Saudi Arabia and its close ally the United Arab Emirates to\r\nleverage NSO’s spy technology after Khashoggi’s death to monitor his associates and the Turkish murder\r\ninvestigation, even going so far as to select the phone of Istanbul’s chief prosecutor for potential surveillance.\r\nQuick Guide\r\nWhat is in the Pegasus project data?\r\nShow\r\nKhashoggi was killed and dismembered at the Saudi consulate in Istanbul in October 2018. While the\r\ninvestigation mostly points to Khashoggi’s close associates being targeted in the months after the murder, it also\r\nidentified evidence suggesting that an NSO client targeted the phone of his wife, Hanan Elatr, several months\r\nbefore his death, between November 2017 and April 2018.\r\nThe client appears to have used NSO’s spyware, Pegasus, which can transform a phone into a surveillance device,\r\nwith microphones and cameras activated without a user knowing.\r\nPegasus: the spyware technology that threatens democracy – video\r\nA forensic examination of Elatr’s Android phone found that she was sent four text messages that contained\r\nmalicious links connected to Pegasus. The analysis indicated the targeting came from the United Arab Emirates, a\r\nhttps://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus\r\nPage 1 of 5\n\nSaudi ally. However, the examination did not confirm whether the device had been successfully infected.\r\n“Jamal warned me before that this might happen,” Elatr said. “It makes me believe they are aware of everything\r\nthat happened to Jamal through me.” She added that she was concerned his conversations with fellow dissidents\r\nmight have been monitored through her phone. “I kept my phone on the tea table [in their Virginia home] while\r\nJamal was talking to a Saudi guy twice a week.”\r\nElatr’s number was also contained in a leak of numbers that were selected by clients of NSO as candidates for\r\npossible surveillance. Access to the leak was shared with the Guardian and other media by Forbidden Stories, a\r\nnonprofit organisation, as part of a collaborative investigation called the Pegasus project. Examination of phones\r\nwas done by Amnesty International’s Security Lab, a technical partner on the Pegasus project.\r\nUS intelligence agencies have already concluded that the Saudi crown prince, Mohammed bin Salman, was\r\nresponsible for ordering the murder of Khashoggi, a former Saudi government insider whose criticism of the\r\nkingdom’s regime in the pages of the Washington Post was seen as a threat to the Saudi heir.\r\nA team of Saudi agents killed Khashoggi inside the Saudi consulate in Istanbul during his visit there to pick up\r\ndocuments he needed to get married to his fiancee, Hatice Cengiz, who later became an outspoken advocate for\r\naccountability over his murder.\r\nJamal Khashoggi’s fiancee, Hatice Cengiz. Photograph: Anadolu Agency/Getty Images\r\nForensic analysis revealed that Cengiz’s phone was first infected with Pegasus just four days after his murder, on 6\r\nOctober 2018. Her phone was also hacked on two other days in October 2018. Further attempts to hack her phone\r\nfollowed in June 2019, although they did not appear to be successful. Data analysis suggested that Saudi Arabia\r\nwas behind her hacking. Cengiz said she was not surprised she had been hacked: “I was thinking this after the\r\nmurder. But what can you do?”\r\nA close friend of Khashoggi, Wadah Khanfar, the former director general of the Al Jazeera television network, was\r\nalso hacked using Pegasus, with analysis showing that his phone was infected as recently July 2021.\r\nThe phone analysis discoveries and leaked phone records suggest that Saudi Arabia and its allies used NSO’s\r\nspyware in the aftermath of the murder to monitor the campaign for justice led by friends and associates of\r\nhttps://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus\r\nPage 2 of 5\n\nKhashoggi, while also showing an intent to spy on the official Turkish inquiry into his murder.\r\nKhashoggi associates who were targeted for possible surveillance after his death, according to the leak, include\r\nAbdullah Khashoggi, the journalist’s son; Azzam Tamimi, a Palestinian-British activist and friend, and Madawi\r\nAl-Rasheed, a London-based scholar who co-created an opposition party of expatriate Saudis in the wake of the\r\nmurder.\r\nThe Saudi crown prince, Mohammed bin Salman, who US intelligence agencies have concluded\r\nwas responsible for ordering the murder of Khashoggi. Photograph: Anadolu Agency/Getty Images\r\nAnalysis of Rasheed’s phone found evidence of an attempted hack in April 2019, but there was no evidence the\r\nspyware was successfully installed.\r\nOther Khashoggi-connected names linked to in the data were Yahya Assiri, a UK-based Saudi activist who\r\ndocuments human rights violations in Saudi Arabia and was in close contact with Khashoggi before his death, and\r\nYasin Aktay, a friend of Khashoggi and a top aide to the Turkish president, Recep Tayyip Erdoğan. No forensics\r\nwere able to be carried out on their phones.\r\nQ\u0026A\r\nWhat is the Pegasus project?\r\nShow\r\nIn an interview, Aktay said he had already been alerted by Turkish intelligence officials that his phone had been\r\nhacked after Khashoggi’s death because the Saudis were still trying to create a “map” of the journalist’s\r\nconnections. “It was needless,” Aktay said of the surveillance. “I was just a friend of his.”\r\nhttps://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus\r\nPage 3 of 5\n\nİrfan Fidan, the Turkish prosecutor who charged 20 Saudis over the Khashoggi killing.\r\nPhotograph: Anadolu Agency/Getty Images\r\nThe phone number of İrfan Fidan, the Istanbul chief prosecutor who later formally charged 20 Saudi nationals\r\nover the killing, also appeared in the list of numbers of possible candidates for surveillance by NSO Group clients.\r\nWithout forensic examination of their phones, it is not possible to know whether these targets were infiltrated or\r\nsuccessfully hacked using Pegasus.\r\nIn a statement, NSO said: “Our technology was not associated in any way with the heinous murder of Jamal\r\nKhashoggi. We can confirm that our technology was not used to listen, monitor, track, or collect information\r\nregarding him or his family members mentioned in your inquiry.”\r\nAgnès Callamard, the secretary general of Amnesty International, which is a partner in the Pegasus project, said\r\nnew discoveries about Khashoggi-related targets indicated an attempt by Saudi Arabia and others to gather\r\nintelligence on the fallout from the killing.\r\n“The targeting indicates a clear intention to know what the prosecutor and a few other high political actors were\r\ndoing,” she said. “They saw Turkey as the heart of what they needed to control.”\r\nhttps://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus\r\nPage 4 of 5\n\nOn Tuesday 27 July, at 8pm BST, a panel including Agnès Callamard, secretary general of Amnesty International,\r\nwill discuss the global implications of the Pegasus project. Book your ticket here.\r\nSource: https://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-peg\r\nasus\r\nhttps://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.theguardian.com/world/2021/jul/18/nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus"
	],
	"report_names": [
		"nso-spyware-used-to-target-family-of-jamal-khashoggi-leaked-data-shows-saudis-pegasus"
	],
	"threat_actors": [],
	"ts_created_at": 1775434001,
	"ts_updated_at": 1775791312,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d002b037ad02ef542e2e21769dce5c16eef3cf68.pdf",
		"text": "https://archive.orkl.eu/d002b037ad02ef542e2e21769dce5c16eef3cf68.txt",
		"img": "https://archive.orkl.eu/d002b037ad02ef542e2e21769dce5c16eef3cf68.jpg"
	}
}