Although Pegasus is stated as intended to be used against criminals and terrorists, A UN special rapporteur on freedom of opinion found that the use of the spyware by abusive governments could "facilitate extrajudicial, summary or arbitrary executions and killings, or enforced disappearance of persons."
Armenia About twenty Armenian citizens were spied on via Pegasus spyware. Media expert Arthur Papyan said it targeted the key figures of the opposition and the government – current and past government employees who knew valuable state secrets and have political influence, including the former director of the National Security Service and current chairman of the center-right Homeland Party. The local experts suspected that they were targeted either by the government of Armenia or Azerbaijan, or perhaps both. Papyan said that NSO group appears to be jailbreaking a phone and provides interface for viewing the obtained data. Minister of high-tech industry
Vahagn Khachaturyan also received a warning letter from Apple, he rejected the theory that the spying party could be the current Armenian government.
Azerbaijan The list of spied-upon citizens included dozens of journalists and activists from Azerbaijan. It was alleged that their mobile phones were tapped. The head of Azerbaijani service of
Radio Liberty/Radio Free Europe (Azadliq) Jamie Fly expressed his anger when it was revealed that the phones of his five current and former employees were tapped with Pegasus.
Bangladesh Reports and investigations indicate Bangladesh is among 45 countries where Pegasus spyware infections were detected between 2016 and 2018, according to Citizen Lab's cybersecurity research. The spyware, developed by Israel's NSO Group, enables undetected access to smartphones' messages, cameras, and microphones. Citizen Lab identified an operator codenamed **GANGES** using politically themed domains to target devices in Bangladesh, India, and Pakistan. The government denies purchasing or using Pegasus, calling allegations "baseless". Constitutional Article 43(B) and ICT Act Section 63 protect communication privacy, but enforcement gaps persist. While Pegasus specifically remains unconfirmed in these transactions, the sales underscore Bangladesh's access to advanced monitoring tools. In January 2022, Bahrain was accused of using the Pegasus spyware to hack a human rights defender,
Ebtisam al-Saegh. The prominent activist's phone was hacked at least eight times between August and November 2019. As per the Citizen Lab, following the hacking attempt, al-Saegh faced incidents where she was harassed by the Bahrain authorities. It included being summoned to a police station, interrogation, rape threats, and physical and sexual assault. The attack left the rights defender in a state of "daily fear and terror". In February 2022, an investigation by
Citizen Lab and
Amnesty International revealed that the Pegasus spyware was used to infect the devices of a lawyer, an online journalist, and a mental health counsellor in Bahrain. All of the three activists were critical of the Bahraini authorities and were targeted with Pegasus between June and September 2021. One of the three activists remained anonymous, while the other two were
Mohammed al-Tajer and Sharifa Swar (mental health counselor). In December 2022, an exiled Bahraini activist, Yusuf al-Jamri filed a lawsuit against the Bahraini government and the NSO Group, alleging his phone was hacked using the Pegasus spyware in August 2019. The hacking was confirmed by the Citizen Lab researchers, who claimed that the servers that targeted al-Jamri were connected to Bahrain. Yusuf al-Jamri fled to the UK with his family in 2017, after facing multiple detentions, and episodes of interrogation, torture, sexual assault, and rape threats. Experts claimed that he was hacked days after posting tweets about Moosa Mohammed, the Bahraini activist who protested the executions in Bahrain and climbed to the roof of the country's embassy in London.
Dominican Republic In 2023, an investigation by
Amnesty International and
Citizen Lab found that
Nuria Piera, a Dominican Republic journalist known for her investigations into corruption in the country, was targeted by an unknown actor using Pegasus spyware at least three times between 2020 and 2021.
Egypt Egyptian PM
Mostafa Madbouly was selected for potential targeting by Pegasus – apparently by Saudi Arabia.
Estonia Estonia entered negotiations to procure Pegasus in 2018, and had made a $30 million down payment for the tool. Estonia hoped to use the tool against Russian phones (presumably for gathering intelligence). Israel initially approved the export of Pegasus to Estonia, but after a senior Russian defense official approached the Israeli defense agencies and revealed that Russia had learned of Estonia's intentions to obtain Pegasus, Israel decided to disallow Estonia from using Pegasus against any Russian phone number (following a heated debate among Israeli officials) so as to avoid damaging Israeli relations with Russia. Estonia gained access to Pegasus spyware in 2019. Citizen Lab has uncovered that Estonia has deployed Pegasus outside its borders, against targets in "many" EU countries.
Finland In January 2022 the
Finnish Ministry for Foreign Affairs reported that several phones of Finnish diplomats had been infected with the Pegasus spyware. Antti Pelttari, the Director of the
Finnish Security and Intelligence Service (Supo), stated that a Foreign Government was most likely behind the infection.
France In July 2021,
Le Monde reported that President of France
Emmanuel Macron and 14 French ministers were flagged as potential Pegasus targets for Pegasus spying by Morocco; Moroccan authorities denied Pegasus use and labelled the allegation as "unfounded and false" which a consortium of journalists and Amnesty International have demonstrated that there are "technical elements that prove listening".
Germany Pegasus is in use by German Federal Criminal Police Office (BKA). BKA acquired Pegasus in 2019 with "utmost secrecy", despite hesitations from its legal council. The use of Pegasus by BKA was later revealed by German media. Sources from Germany's security services have told journalists that Germany's iteration of Pegasus spyware features built-in safeguards to prevent abuse and comply with EU privacy laws. However, officials have not publicly confirmed or elaborated on this. In February 2023, the independent Russian journalist and Putin critic
Galina Timchenko had her iPhone infected with Pegasus while located in Berlin. According to the findings released in July 2021, journalists and managers of media holdings appear to have been spied on by the Hungarian government with Pegasus. Phone numbers of at least 10 lawyers, at least 5 journalists, and an opposition politician were included on a leaked list of potential Pegasus surveillance targets. In November 2021,
Lajos Kósa, head of a parliamentary defense and law enforcement committee, was the first Hungarian senior official who acknowledged that the country's Interior Ministry purchased and used Pegasus. Kósa admitted that Hungary had indeed purchased and used Pegasus, stating "I don't see anything objectionable in it [...] large tech companies carry out much broader monitoring of citizens than the Hungarian state does." 17 individuals including human rights activists, scholars, and journalists confirmed to an Indian publication they had been targeted. Phone numbers of Indian ministers, opposition leaders, ex-election commissioners and journalists were allegedly found on a database of NSO hacking targets by Pegasus Project in 2021. Phone numbers of
Koregaon Bhima activists who had compromising data implanted on their computers through a hack were found on a Pegasus surveillance phone number list. Independent digital forensic analysis conducted on 10 Indian phones whose numbers were present in the data showed signs of either an attempted or successful Pegasus hack. The results of the forensic analysis threw up shows sequential correlations between the time and date a phone number is entered in the list and the beginning of surveillance. The gap usually ranges between a few minutes and a couple of hours. Eleven phone numbers associated with a female employee of the
Supreme Court of India and her immediate family, who accused the former Chief Justice of India,
Ranjan Gogoi, of sexual harassment, were also allegedly found on a database indicating possibility of their phones being snooped. Records also indicate that phone numbers of some of the key political players in
Karnataka appear to have been selected around the time when an intense power struggle was taking place between the Bharatiya Janata Party and the Janata Dal (Secular)-Congress-led state government in 2019. In October 2023,
Apple warned Indian journalists and opposition politicians that they may have been targets of state-sponsored attacks using Pegasus spyware. A
Washington Post investigation found that the Indian government officials pressured Apple to rescind the warnings. Apple instead sent out emails saying the warnings could have been a false alarm and asked media to mention the same in their articles, while government officials told media that it could have been an "algorithmic malfunction".
Minister of Commerce Piyush Goyal said that the warnings were a "prank" by Apple. An advisor to the government,
Sanjeev Sanyal, alleged that the warnings were part of a conspiracy involving
Access Now,
George Soros, Apple and opposition politicians to falsely accuse the government of hacking.
Iraq The phone of Iraqi President
Barham Salih was found on a list of potential Pegasus surveillance targets (however, actual targeting – attempted or successful – could not be determined). The targeting of Salih appeared to have been linked to Saudi Arabia and UAE. The surveillance was ordered by high-ranking police officers, and was carried out without warrants or judicial supervision. The legal basis for use of spyware against citizens is disputed. The police had allegedly targeted civilians not suspected of any crime, including organisers of antigovernmental protesters, mayors, anti-LGBT parade activists, employees of government-owned companies, an associate of a senior politician, In some cases, Pegasus was used to obtain information unrelated to an ongoing investigation to be used later to pressure the subject of an investigation. In some cases, police used Pegasus to obtain incriminating information from suspects' devices, and then concealed the source of the incriminating information claiming it would expose intelligence assets. While the Israeli Police formally denied the allegations in the report, some senior police officials have hinted that the claims were true. The report led to the announcement of a number of parallel investigations into the police's conduct, with some officials demanding a
Commission of inquiry. Although the
Attorney General launched an internal probe into the allegations, the Privacy Protection Council (which advises the Minister of Justice), demanded that a state commission of inquiry be created. On February 7, the widespread extent of the warrantless surveillance was further revealed to have included politicians and government officials, heads of corporations, journalists, activists, and even Avner Netanyahu, the son of then-Prime Minister,
Benjamin Netanyahu. This has led to renewed calls for a public inquiry, including from the current police commissioner
Kobi Shabtai himself (appointed January 2021), as well as from the
Minister of the Interior,
Ayelet Shaked and others. Later in the day, the
Minister of Public Security (the minister responsible for the police),
Omer Bar-Lev, announced that he would be forming a commission of inquiry, to be chaired by a retired judge. Bar-Lev stressed that this commission will essentially be granted all the powers of a state commission (whose formation requires full cabinet support), including having the authority to subpoena witnesses, "regardless of seniority," whose testimony may be used in future prosecutions. Despite this, calls for a state commission persisted from several ex-ministry heads who were targeted. The next day, the
State Comptroller Matanyahu Englman, calling the crisis a "trampling on the values of democracy and privacy," said that the investigation launched by his office will also be extensive, adding that it will not only include the police, but also the
Ministry of Justice and the
State Attorney's Office. In September 2023,
Apple issued an emergency software patch after it was warned that Israel's NSO Group had injected its Pegasus spyware remotely and surreptitiously on to iPhones and iPads.
Jordan Between August 2019 and December 2021, Apple phones of four Jordanian human rights activists, lawyers and journalists were hacked by a NSO government client (apparently Jordanian government agencies). The Jordanian government denied involvement. In January 2022, it was revealed that Jordanian lawyer and activist Hala Ahed Deeb's phone was targeted with Pegasus. In February 2024, a report released by the digital rights group Access Now revealed that the phones of more than 30 people in Jordan, including journalists, lawyers and activists, had their phones infected with Pegasus between 2020 and 2023.
Kazakhstan Activists in
Kazakhstan were targeted, in addition to top-level officials, like
Kassym-Jomart Tokayev,
Askar Mamin and
Bakytzhan Sagintayev. Among the 2000 targeted Kazak numbers were government critic Bakhytzhan Toregozhina, as well as journalists Serikzhan Mauletbay and Bigeldy Gabdullin. Most of these victims were involved in a civic youth movement
Oyan, Qazaqstan.
Latvia Citizen Lab first noted the use of Pegasus in Latvia in 2018; Citizen Lab believes Pegasus is still being used by Latvia as of 2023.
Mexico According to the
New York Times, Mexico has been "the first and most prolific user of Pegasus". Mexico in 2011 became the first country to purchase Pegasus, seeing it as a novel tool in the country's struggle against drug cartels. Mexican authorities also sought to cultivate autonomous intelligence capabilities, having hitherto been highly reliant on the United States for intelligence gathering capabilities. Within years, authorities began to use Pegasus to target civil society (including human rights advocates, anti-corruption activists, and journalists). In 2023, an investigation concluded that journalists at the newspaper
El Universal and human rights defender Raymundo Ramos was illegally surveillanced by the Mexican Armed Forces using Pegasus. The analysis by Citizen Lab found that Ramos’ phone was infected multiple times in connection to his reporting in July 2020. This incident was a manhunt where soldiers chasing several pickup trucks resulted in killing passengers who the military claimed were involved in a local criminal group. Ramos interviewed family members of the victims of this incident who said they were innocent and were actually kidnapped by the cartel, which led to Ramos publishing allegations that the government targeted innocent people in the manhunt. As of 2023, Mexico's spending on Pegasus had totaled over $60 million. The targets supported measures to reduce childhood obesity, including
Mexico's "Soda Tax." They stated that the Mexican government used Pegasus to send them messages about funeral homes containing links which, when clicked, allowed the government to surreptitiously listen to the investigators.
Assassination of journalist Cecilio Pineda Birto Cecilio Pineda Birto, a Mexican freelance journalist was assassinated by hitmen while resting in a hammock by a carwash. Brito had been reporting on the ties between local politicians and criminal organizations, and had received anonymous death threats during the weeks preceding the assassination; at about the same time, his phone number was selected as a possible target for Pegasus surveillance by a Mexican Pegasus client. Pegasus spyware may have been used to ascertain Brito's location to carry out the hit by geolocating his phone; the deployment of Pegasus on his phone, however, could not be confirmed as his phone disappeared from the scene of the murder.
Targeting of presidential candidate Obrador In the run-up to the 2018 Mexican presidential election, dozens of close associates of the presidential candidate Andrés Manuel López Obrador (who was subsequently elected) were selected as potential targets. Potential targets included close family members, his cardiologist, and members of his personal and political inner circle. Recordings of Obrador's conversations with family and party colleagues were subsequently leaked to the public in an attempt to disrupt his electoral campaign.
Use by Mexican drug cartels Pegasus has been used by drug cartels and cartel-entwined government actors to target and intimidate Mexican journalists.
Other A widow of slain renowned Mexican journalist was a target of an attempted Pegasus attack 10 days after her husband was assassinated.
Morocco In 2019, two Moroccan pro-democracy campaigners were notified by WhatsApp that their phones had been compromised with Pegasus.
Reda Benzaza, a Riffian pro-democracy activist exiled in Spain, was targeted by Pegasus along with her lawyer. In July 2021, it was revealed that the Moroccan PM Saad Eddine el-Othamani and Moroccan King Mohammed VI were selected for targeting – apparently by Moroccan state actors themselves. The Algerian government subsequently severed diplomatic relations with Morocco in August 2021, citing alleged Moroccan deployment of Pegasus against Algerian officials as one of the "hostile actions" that undergirded the decision.
Netherlands The Netherlands is a suspected Pegasus user.
Panama President of Panama
Ricardo Martinelli personally sought to obtain cyberespionage tools after his election in 2009. After a rebuff by the U.S. in 2009, Martinelli successfully sought such tools from Israeli vendors, expressing an interest in acquiring a tool capable of hacking into mobile phones in a 2010 private meeting with Israeli PM Netanyahu. In 2012, NSO systems were installed in Panama City. The equipment was subsequently widely used for illicit domestic and foreign spying, including for spying on political opponents, magistrates, union leaders, and business competitors, with Martinelli allegedly going so far as to order the surveillance of his mistress using Pegasus. Salah Hammouri, a French-Palestinian human rights defender and one of the six victims of the Pegasus attack, has filed a lawsuit against NSO in France, accusing the company of a privacy rights violation. Citizen Lab revealed that several members of political opposition groups in
Poland were hacked by Pegasus spyware, raising alarming questions about the Polish government's use of the software. A lawyer representing Polish opposition groups and a prosecutor involved in a case against the ruling Law and Justice party were also compromised. A subsequent investigation by the prosecutor general's office revealed Pegasus was used against 578 people from 2017 to 2022, by three separate government agencies: the Central Anticorruption Bureau, the Military Counterintelligence Service and the Internal Security Agency. In December 2021, Citizen Lab announced that Pegasus was used against lawyer
Roman Giertych and prosecutor Ewa Wrzosek, both critical of the ruling
Law and Justice (PiS) government, with Giertych's phone suffering 18 intrusions. 33 hacks to the phone of
Krzysztof Brejza, a
senator from the opposition
Civic Platform (PO) were uncovered, and confirmed by
Amnesty International. Leading to the
2019 European and
Polish parliamentary elections, Brejza's text messages were stolen as he was leading the opposition parties' campaign. The texts were doctored by state-run media, notably
TVP, and used in a
smear campaign against the opposition. This prompted the Polish Senate to begin an inquiry into the deployment of the spyware. On January 25, 2022, more victims were confirmed by Citizen Lab, including
Michał Kołodziejczak of the agrarian movement
Agrounia, and Tomasz Szwejgiert, a journalist and alleged former associate of the CBA. According to the
Supreme Audit Office (NIK), 544 of its employees' devices were under surveillance over 7,300 times, some could be infected with Pegasus. In January 2024, Poland's
Sejm, the lower house of its parliament, established a special commission to investigate the use of Pegasus by the PiS. Appearing in front of the commission in March 2024, former prime minister
Jarosław Kaczyński testified that “use of Pegasus was in accordance with the law, there were no shortcomings, and in 99% it was used against criminals.” On 31 January 2025, former justice minister
Zbigniew Ziobro was arrested over allegations of the misuse of Pegasus spyware.
Rwanda Political activists in
Rwanda have been targeted with Pegasus, including the daughter and the nephew of
Paul Rusesabagina.
Saudi Arabia In December 2020, it was reported that
Saudi Arabia and the
United Arab Emirates deployed a zero-click iMessage Pegasus exploit against two
London-based reporters and 36 journalists at the
Al Jazeera television network in
Qatar.
Jamal Khashoggi Pegasus was used by Saudi Arabia to spy on
Jamal Kashoggi, who was later
assassinated in Turkey. In October 2018, Citizen Lab reported on the use of NSO software to spy on the inner circle of
Jamal Khashoggi just before his murder. Citizen Lab's October report stated with high confidence that NSO's Pegasus had been placed on the iPhone of Saudi dissident Omar Abdulaziz, one of Khashoggi's confidantes, months before. Abdulaziz stated that the software revealed Khashoggi's "private criticisms of the Saudi royal family," which according to Abdulaziz "played a major role" in Khashoggi's death. In December 2018, a
New York Times investigation concluded that Pegasus software played a role in the Khashoggi's murder, with a friend of Khashoggi stating in a filing that Saudi authorities had used the Israeli-made software to spy on the dissident. NSO CEO Shalev Hulio stated that the company had not been involved in the "terrible murder", but declined to comment on reports that he had personally traveled to the Saudi capital
Riyadh for a $55 million Pegasus sale. In 2021, allegations arose that the software may also have been used to spy on members of
Kashoggi's family. The wife of Jamal Khashoggi, Hanan Elatr, intended to sue the NSO Group, alleging that she was targeted with Pegasus spyware. She also prepared a lawsuit in the US against the governments of Saudi Arabia and the United Arab Emirates for their involvement in the attempts to install the software on her mobile phone. Elatr was arrested in
Dubai in April 2018. Activity on Etatr's confiscated phone, while she was in the custody of UAE intelligence services, further suggested that an attempt was made to install the software at that time.
Targeting of Jeff Bezos Pegasus was also used to spy on
Jeff Bezos after
Mohammed bin Salman, the crown-prince of Saudi Arabia, exchanged messages with him that exploited
then-unknown vulnerabilities in WhatsApp.
Targeting of journalist Ben Hubbard Ben Hubbard, a
Middle East correspondent for the
New York Times, revealed in October 2021 that Saudi Arabia used the NSO Group's Pegasus software to hack into his phone. Hubbard was targeted repeatedly over a three-year period between June 2018 to June 2021 while he was reporting on
Saudi Arabia, and writing a book about the Saudi Crown Prince
Mohammed bin Salman. Hubbard was possibly targeted for writing the book about the Crown Prince, and for his involvement in revealing the UAE's hacking and surveillance attempt of Project Raven. Saudis attempted to peek into Hubbard's personal information twice in 2018, one through a suspicious text message and the other through an Arabic
WhatsApp message inviting him to a protest at a Saudi embassy in Washington. Two other attacks were launched against him in 2020 and 2021 using the zero-click hacking capabilities. Lastly, on June 13, 2021, an iPhone belonging to Hubbard was successfully hacked using the FORCEDENTRY exploit. Citizen Lab said in "high confidence" that the four attacks were attempted using Pegasus.
Other targets Another Saudi exile
Omar Abdulaziz in Canada was identified by
McKinsey & Company as being an influential dissident, and hence had two brothers imprisoned by the Saudi authorities, and his cell phone hacked by Pegasus. In June 2018, a Saudi satirist,
Ghanem Almasarir, was targeted by Saudi Arabia with Pegasus software. The targeting and hacking of Almasarir's phone by a network linked to Saudi Arabia was confirmed by researchers at the
Citizen Lab. On 28 May 2019, the letter of claim was delivered to the
Saudi embassy in London on behalf of Ghanem Almasarir. In August 2022, a British judge ruled that the prominent dissident in
London can sue Saudi Arabia for Pegasus hacking.
Slovakia The Slovak Information Service (SIS) has acquired the Pegasus software under the fourth government of Prime Minister
Robert Fico. Four anonymous sources from SIS have revealed to the daily newspaper Denník N that Pegasus has moved from testing phase to full operation in September 2024. The presence of "New systems that allow to hack into phones" has also been confirmed by the opposition politician and former chairman of the National Assembly Committee for Defence and Security Juraj Krúpa (SaS party) who warned that SIS had its powers expanded and can now spy on citizens without the need for court approval. The SIS has refused to either confirm or deny these accusations, citing state secrecy. The members of government denied the information of Denník N. Interior Minister Matúš Šutaj Eštok (
Voice – Social Democracy) said at today's press conference that he had no information about the purchase of the Pegasus system and questioned the veracity of the Denník N article.
South Africa South African president
Cyril Ramaphosa was revealed to have been selected as a potential target of Pegasus surveillance, possibly by the Rwandan state.
The scandal resurfaced in April 2022 following the publication of a report of a CitizenLab investigation that revealed widespread use of Pegasus against Catalan politicians and citizens, as well as Basque politician
Arnaldo Otegi and MP
Jon Iñarritu. A total of 63 victims was identified, with targets including elected officials (including high-ranking ones) and civil society members (including activists, journalists, lawyers, and computer scientists). The true extent of the targeting was potentially far larger as Android devices are far more common in Spain while CitizenLab tools are specialised to uncover infiltration of Apple devices. Citizen Lab did not attribute the responsibility for the attacks to any perpetrators, but did note that circumstantial evidence strongly suggests the attacks were perpetrated by the Spanish Government.
Use against Spanish government officials In May 2022, the Spanish Government revealed that the smartphones of Prime Minister
Pedro Sánchez and Defense Minister
Margarita Robles had been targeted by Pegasus in May 2021. Prime Minister Sanchez's device was infected twice, and Robles' device was infected once. A total of over 2.7GB of data was exfiltrated from the PM device, while only 9MB of data was extracted from the Defense Minister's device.
Morocco was believed to be behind the attack given the diplomatic tensions between the two at the time of the target. In 2025, the Spanish high criminal court dismissed its investigation from 2023 (which was a re-opened from the incident in 2022 due to new evidence showing that Pegasus targeted French politicians, lawyers and journalists) due to lack of co-operation from Israeli authorities in responding to requests for information.
Thailand According to a report by Citizen Lab and Digital Reach, at least 30 political activists and government critics from Thailand were affected by the spyware. A spokesperson for the
Ministry of Digital Economy and Society stated his ministry was not aware of any Pegasus usage by the government. A researcher from Citizen Lab has said that while 30 targets were confirmed definitively, they expect the actual number to be much higher.
Tibet Senior advisers of the
Dalai Lama (who does not carry a personal phone himself), Tibet's president-in-exile, staff of a prominent Tibetan Buddhist spiritual leader
Gyalwang Karmapa, as well as several other Tibetan activists and clerics – all of whom are living in exile in India – were selected for potential targeting by Pegasus, likely by the
Indian government.
Togo A joint investigation by
The Guardian and
Le Monde alleged that Pegasus software was used to spy on six critics of the government in
Togo.
Ukraine At least since 2019, Ukraine had sought to obtain Pegasus in its effort to counter what it saw as an increasing threat of Russian aggression and espionage. However, Israel had imposed a near-total ban on weapons sales to Ukraine (which also encompassed cyberespionage tools), wary of selling Pegasus to states that would use the tool against Russia so as not to damage relations with Russia. In August 2021, at a time when Russian troops were amassing on the Ukrainian border, Israel again rebuffed a request from a Ukrainian delegation asking to obtain Pegasus; according to a Ukrainian official familiar with the matter, Pegasus could have provided critical support in Ukraine's effort to monitor Russian military activity. In the wake of the
2022 Russian invasion of Ukraine, Ukrainian officials rebuked Israel's tepid support of Ukraine and Israeli efforts to maintain amicable relations with Russia. The United Arab Emirates used Pegasus to spy on the members of Saudi-backed Yemeni government according to an investigation published in July 2021. The UAE used the spyware to monitor and spy on the ministers of the internationally recognized government of President
Abdrabbuh Mansur Hadi, including Yemeni president and his family members, former Prime Minister
Ahmed Obaid Bin Dagher, former Foreign Minister
Abdulmalik Al-Mekhlafi, and current Minister of Youth and Sports,
Nayef al-Bakri. In August 2021, Amnesty International confirmed that
David Haigh, a prominent British Human Rights lawyer and founder of Human Rights NGO Detained International, was the first British person to have evidence on his mobile phone that it had been hacked by NSO spyware. It is believed the illegal hacking was carried out in August 2020 by the government of
Dubai. At the time of the infection,
David Haigh was the lawyer representing Dubai Princess
Latifa bint Mohammed Al Maktoum who was being held hostage, and he was assisting
Princess Haya bint Hussein and her legal team as well. Haigh had been exchanging videos and text messages in secret for more than a year and a half with Princess Latifa through a phone that had been smuggled into the Dubai villa where she was being held. She stopped responding on July 21, 2020, according to a screenshot of the messages Haigh shared. The analysis shows that Haigh's phone was hacked two weeks later. On 24 September 2021,
The Guardian reported that the telephone of
Alaa al-Siddiq, executive director of
ALQST, who died in a car accident in
London on 20 June 2021, was infected with the Pegasus spyware for 5 years until 2020. Citizen Lab confirmed that the Emirati activist was hacked by a government client of Israel's NSO Group. The case represented a worrying trend for activists and dissidents, who escaped the UAE to live in the relative safety, but were never out of the reach of Pegasus. In October 2021, the British
High Court ruled that agents of
Mohammed bin Rashid Al Maktoum used Pegasus to
hack the phones of his (ex)-wife,
Princess Haya bint Hussein, her solicitors (including baroness
Fiona Shackleton), a personal assistant and two members of her security team in the summer of 2020. The court ruled that the agents acted "with the express or implied authority" of the sheikh; he denied knowledge of the hacking. The judgment referred to the hacking as "serial breaches of (UK) domestic criminal law", "in violation of fundamental common law and
ECHR rights", "interference with the process of this court and the mother's access to justice" and "abuse of power" by a head of state. NSO had contacted an intermediary in August 2020 to inform Princess Haya of the hack and is believed to have terminated its contract with the UAE. On 7 October 2021, the
NSO Group stated that it had terminated its contract with the UAE to use its Pegasus spyware tool after the ruling by
UK's High Court that
Dubai's ruler misused the firm's Pegasus software to spy on his ex-wife and her legal advisers. In 2022, sources revealed that a unit of Abu Dhabi's
Mubadala Investment Company, Mubadala Capital was one of the largest investors in €1 billion Novalpina Capital
private equity fund, which bought the NSO Group in 2019. Since then, Mubadala has been an investor in the firm with its commitment of €50 million, acquiring a seat on the committee of largest investors of the equity fund. Journalists, human rights defenders and the
women of Dubai's royal family were traced to have been hacked using the Pegasus spyware during the same time. A report by the
Citizen Lab revealed that Pegasus spyware linked to an Emirati operative was used to hack into the phones at the
Downing Street and the Foreign Office. One of the spyware attack on No 10 was on 7 July 2020, which was asserted to have infected the phone of British Prime Minister
Boris Johnson. Besides, at least five attacks were identified on Foreign Office phones by UK allies, including the UAE, between July 2020 and June 2021. The UAE was also accused of hiring a firm to "monitor"
Jeremy Corbyn.
United Kingdom (UK) In April 2022,
Citizen Lab released a report stating that
10 Downing Street staff had been targeted by Pegasus, and that the
United Arab Emirates was suspected of originating the attacks in 2020 and 2021.
United States (US) NSO Group pitched its spyware to the
Drug Enforcement Administration (DEA), which declined to purchase it due to its high cost. In August 2016, NSO Group (through its U.S. subsidiary Westbridge) pitched its U.S. version of Pegasus to the
San Diego Police Department (SDPD). In the marketing material, Westbridge emphasized that the company is U.S.-based and majority-owned by a U.S. parent company. An SDPD Sergeant responded to the sales pitch with "sounds awesome". The SDPD declined to purchase the spyware as it was too expensive. In November 2021, the
Biden administration placed NSO Group on a
Commerce Department blacklist from government contracts, after determining NSO Group action was "contrary to the foreign policy and national security interests of the US." In December 2021, it was reported that Pegasus spyware was found in the preceding months on the
iPhones of at least nine
U.S. State Department employees, all of whom were either stationed in Uganda or worked on matters related to Uganda. Later the same month, AP reported that a total of 11 U.S. State Department employees stationed in Uganda had their iPhones hacked with Pegasus. The US government blacklisted the NSO Group to stop what it called "
transnational repression". In January 2022, it was reported that the
Federal Bureau of Investigation had secretly bought the Pegasus spyware in 2019 and had seen a demonstration of Phantom, a newer tool capable of targeting American phone numbers. The FBI went on to test both tools, and considered their use for domestic surveillance in the U.S., which reportedly led to discussions between the FBI and
United States Department of Justice; ultimately the FBI decided against using NSO spyware. However, despite the 2021 decision rejecting use of NSO software, Pegasus equipment is still in the FBI's possession at a New Jersey facility. Responding to the reports, FBI officials played down the domestic surveillance aspect of the Pegasus testing, instead stressing
counter-intelligence as their purported main goal. A document later obtained by
The New York Times clearly showed that the agency weighed using Pegasus and Phantom in domestic law enforcement cases.
L3Harris, a U.S. defense contractor, was in talks to acquire NSO Group, the maker of Pegasus. L3Harris reportedly had the backing of U.S. intelligence in undertaking the acquisition negotiations. After months of negotiations, the talks were scuttled after they were made known to the public by the news media in June 2022, with the U.S. government publicly rebuking the acquisition attempt. This helped trigger a hold on a
Department of Homeland Security contract with NSO competitor
Paragon Solutions in late 2024, With the transition from the Biden to Trump administrations in January 2025, NSO Group began heavily investing in
lobbying efforts to overturn the Commerce Department ban on their products. NSO hired Vogel Group lobbyists with close ties to the Trump administration, and spent over $1.8 million on
Republican political campaigns in the
2024 United States elections. In May 2025, NSO Group was ordered by a
US district court to pay $167 million in damages to
WhatsApp for exploiting their messaging systems for Pegasus spyware injections. The order also included deletion of data collected by targeted activists and also cease targeting of the affected Whatsapp users and barred them of doing said activites again in the future. This amount was later adjusted to proper standard of 4 million, due to a cap on punitive damages.
Yemen The forensic analysis of
UN independent investigator
Kamel Jendoubi's mobile phone revealed on 20 December 2021 that he was targeted by spyware while probing war crimes in
Yemen. Jendoubi's mobile number was also found in the leaked database of the Pegasus Project. According to the data, Jendoubi was one of the potential targets of one of NSO Group's long-time clients, Saudi Arabia. An NSO spokesperson denied that Kamel Jendoubi was any of its client's targets.
International organizations European Union In April 2022, according to two EU officials and documentation obtained by Reuters, the
European Justice Commissioner Didier Reynders and other
European Commission officials had been targeted by NSO's software. The commission learned of this after Apple notified thousands of iPhone users in November 2021 that they were targeted by state-sponsored hackers. According to the same two sources, IT experts examined some of the smartphones, but the results were inconclusive. == Pegasus Project ==