Pegasus Spyware Campaigns Gather Pace: Infections Detected in 45 Countries

By Richard Anderson

Pegasus spyware is a legitimate surveillance tool that has been attributed to the Israeli cyber-intelligence firm NSO Group. The spyware works on both Android smartphones and iPhones to allow security services to intercept text messages, track phone calls, trace a phone’s location, and obtain passwords and data from apps installed on an infected device.

Since at least 2016, NSO Group has been offering Pegasus spyware to nation state actors, according to the Citizen Lab, which has conducted an in-depth investigation into the use of the spyware.

The investigation into Pegasus spyware has been running for two years, during which time the researchers have seen a major increase in the number of operators using the malware. In 2016, there were only 200 known servers associated with Pegasus spyware; however, by 2018 the number had increased to more than 600 servers. There are now 36 operators known to be using Pegasus Spyware. Infections have been identified in 45 countries and there are 10 operators with infections in another country.

Worryingly, The Citizen Lab’s research indicates that there are six operators in countries that have a track record of using spyware on citizens targeting civil rights, namely the United Arab Emirates, Saudi Arabia, Morocco, Mexico, Kazakhstan, and Bahrain. The Citizen Lab claims that the spyware has been used by Gulf Cooperation Council countries to track dissidents, specifically a UAE activist in 2016 and an Amnesty International staffer in Saudi Arabia this year. In a recent blog post, The Citizen Lab wrote “Our findings paint a bleak picture of the human-rights risks of NSO’s global proliferation.”

The full list of countries where Pegasus spyware has been detected is: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen and Zambia.

While the spyware has been detected in those countries, NSO Group has criticized The Citizen Lab’s research claiming that it has not supplied the spyware to many of the countries in the list, and that it only provides its product in countries in a limited number of countries that have been approved under its Business Ethics Framework. The Citizen Lab stands by its research and maintains that serious doubts have been raised about “the effectiveness of [NSO Group’s] internal mechanism, if it exists at all.”

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news