{
	"id": "f0b9f175-5536-446a-9707-0e2f8a46a4fd",
	"created_at": "2026-04-06T00:08:34.536226Z",
	"updated_at": "2026-04-10T13:11:56.886734Z",
	"deleted_at": null,
	"sha1_hash": "f05070df7766be1c821497c968edfda6de32b874",
	"title": "Revealed: leak uncovers global abuse of cyber-surveillance weapon",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 56438,
	"plain_text": "Revealed: leak uncovers global abuse of cyber-surveillance weapon\r\nBy Stephanie Kirchgaessner\r\nPublished: 2021-07-18 · Archived: 2026-04-05 17:35:23 UTC\r\nHuman rights activists, journalists and lawyers across the world have been targeted by authoritarian governments\r\nusing hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a\r\nmassive data leak.\r\nThe investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of\r\nNSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and\r\nterrorists.\r\nPegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages,\r\nphotos and emails, record calls and secretly activate microphones.\r\nThe leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of\r\npeople of interest by clients of NSO since 2016.\r\nForbidden Stories, a Paris-based nonprofit media organisation, and Amnesty International initially had access to\r\nthe leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.\r\nThe presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject\r\nto an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s\r\ngovernment clients identified in advance of possible surveillance attempts.\r\nForensics analysis of a small number of phones whose numbers appeared on the leaked list also showed more than\r\nhalf had traces of the Pegasus spyware.\r\nThe Guardian and its media partners will be revealing the identities of people whose number appeared on the list\r\nin the coming days. 
They include hundreds of business executives, religious figures, academics, NGO employees,\r\nunion officials and government officials, including cabinet ministers, presidents and prime ministers.\r\nThe list also contains the numbers of close family members of one country’s ruler, suggesting the ruler may have\r\ninstructed their intelligence agencies to explore the possibility of monitoring their own relatives.\r\nThe disclosures begin on Sunday, with the revelation that the numbers of more than 180 journalists are listed in\r\nthe data, including reporters, editors and executives at the Financial Times, CNN, the New York Times, France 24,\r\nhttps://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus\r\nPage 1 of 4\n\nthe Economist, Associated Press and Reuters.\r\nThe phone number of a freelance Mexican reporter, Cecilio Pineda Birto, was found in the list, apparently of\r\ninterest to a Mexican client in the weeks leading up to his murder, when his killers were able to locate him at a\r\ncarwash. His phone has never been found so no forensic analysis has been possible to establish whether it was\r\ninfected.\r\nNSO said that even if Pineda’s phone had been targeted, it did not mean data collected from his phone contributed\r\nin any way to his death, stressing governments could have discovered his location by other means. 
He was among\r\nat least 25 Mexican journalists apparently selected as candidates for surveillance over a two-year period.\r\nWithout forensic examination of mobile devices, it is impossible to say whether phones were subjected to an\r\nattempted or successful hack using Pegasus.\r\nNSO has always maintained it “does not operate the systems that it sells to vetted government customers, and does\r\nnot have access to the data of its customers’ targets”.\r\nIn statements issued through its lawyers, NSO denied “false claims” made about the activities of its clients, but\r\nsaid it would “continue to investigate all credible claims of misuse and take appropriate action”. It said the list\r\ncould not be a list of numbers “targeted by governments using Pegasus”, and described the 50,000 figure as\r\n“exaggerated”.\r\nThe company sells only to military, law enforcement and intelligence agencies in 40 unnamed countries, and says\r\nit rigorously vets its customers’ human rights records before allowing them to use its spy tools.\r\nThe Israeli minister of defence closely regulates NSO, granting individual export licences before its surveillance\r\ntechnology can be sold to a new country.\r\nLast month, NSO released a transparency report in which it claimed to have an industry-leading approach to\r\nhuman rights and published excerpts from contracts with customers stipulating they must only use its products for\r\ncriminal and national security investigations.\r\nThere is nothing to suggest NSO’s customers did not also use Pegasus in terrorism and crime investigations, and\r\nthe consortium also found numbers in the data belonging to suspected criminals.\r\nHowever, the broad array of numbers in the list belonging to people who seemingly have no connection to\r\ncriminality suggests some NSO clients are breaching their contracts with the company, spying on pro-democracy\r\nactivists and journalists investigating corruption, as well as political opponents and government 
critics.\r\nThat thesis is supported by forensic analysis on the phones of a small sample of journalists, human rights activists\r\nand lawyers whose numbers appeared on the leaked list. The research, conducted by Amnesty’s Security Lab, a\r\ntechnical partner on the Pegasus project, found traces of Pegasus activity on 37 out of the 67 phones examined.\r\nThe analysis also uncovered some sequential correlations between the time and date a number was entered into the\r\nlist and the onset of Pegasus activity on the device, which in some cases occurred just a few seconds later.\r\nAmnesty shared its forensic work on four iPhones with Citizen Lab, a research group at the University of Toronto\r\nthat specialises in studying Pegasus, which confirmed they showed signs of Pegasus infection. Citizen Lab also\r\nconducted a peer-review of Amnesty’s forensic methods, and found them to be sound.\r\nThe presence of a number in the data does not mean there was an attempt to infect the phone. NSO says there\r\nwere other possible purposes for numbers being recorded on the list.\r\nRwanda, Morocco, India and Hungary denied having used Pegasus to hack the phones of the individuals named in\r\nthe list. The governments of Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, Mexico, the UAE and Dubai did not\r\nrespond to invitations to comment.\r\nThe Pegasus project is likely to spur debates over government surveillance in several countries suspected of using\r\nthe technology. 
The investigation suggests the Hungarian government of Viktor Orbán appears to have deployed\r\nNSO’s technology as part of his so-called war on the media, targeting investigative journalists in the country as\r\nwell as the close circle of one of Hungary’s few independent media executives.\r\nThe leaked data and forensic analyses also suggest NSO’s spy tool was used by Saudi Arabia and its close ally, the\r\nUAE, to target the phones of close associates of the murdered Washington Post journalist Jamal Khashoggi in the\r\nmonths after his death. The Turkish prosecutor investigating his death was also a candidate for targeting, the data\r\nleak suggests.\r\nClaudio Guarnieri, who runs Amnesty International’s Security Lab, said once a phone was infected with Pegasus,\r\na client of NSO could in effect take control of a phone, enabling them to extract a person’s messages, calls, photos\r\nand emails, secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as\r\nWhatsApp, Telegram and Signal.\r\nBy accessing GPS and hardware sensors in the phone, he added, NSO’s clients could also secure a log of a\r\nperson’s past movements and track their location in real time with pinpoint accuracy, for example by establishing\r\nthe direction and speed a car was travelling in.\r\nThe latest advances in NSO’s technology enable it to penetrate phones with “zero-click” attacks, meaning a user\r\ndoes not even need to click on a malicious link for their phone to be infected.\r\nGuarnieri has identified evidence NSO has been exploiting vulnerabilities associated with iMessage, which comes\r\ninstalled on all iPhones, and has been able to penetrate even the most up-to-date iPhone running the latest version\r\nof iOS. 
His team’s forensic analysis discovered successful and attempted Pegasus infections of phones as recently\r\nas this month.\r\nApple said: “Security researchers agree iPhone is the safest, most secure consumer mobile device on the market.”\r\nNSO declined to give specific details about its customers and the people they target.\r\nHowever, a source familiar with the matter said the average number of annual targets per customer was 112. The\r\nsource said the company had 45 customers for its Pegasus spyware.\r\nAdditional reporting: Dan Sabbagh in London, Shaun Walker in Budapest, Angelique Chrisafis in Paris\r\nand Martin Hodgson in New York.\r\nSource: https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus"
	],
	"report_names": [
		"revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus"
	],
	"threat_actors": [],
	"ts_created_at": 1775434114,
	"ts_updated_at": 1775826716,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f05070df7766be1c821497c968edfda6de32b874.pdf",
		"text": "https://archive.orkl.eu/f05070df7766be1c821497c968edfda6de32b874.txt",
		"img": "https://archive.orkl.eu/f05070df7766be1c821497c968edfda6de32b874.jpg"
	}
}