Pegasus

Suicide Drone

Pegasus is said to be one of the most intrusive spyware programs in the world. The Pegasus spyware (at times referred to as Q Suite) is created and operated by the Israeli cyber company NSO. The company uses different methods to install the software on mobile devices (both iOS and Android) without the user’s knowledge or permission. These include exploiting vulnerabilities in other programs (as was done with WhatsApp) as well as sophisticated deception of the target. Once Pegasus is installed, it contacts the operator’s command and control (C&C) servers to receive and execute the operator’s commands and to send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity, and use the GPS function to track a target’s location and movements.

The research center Citizen Lab has exposed the use of the software by the Mexican government against journalists and human rights activists, by the Moroccan government against human rights activists, by Spain against Catalonian politicians, and many more.

Sold to:

Mexico

Saudi Arabia

Spain

Ghana

Bahrain

Oman

Abu Dhabi

Ras Al Khaimah

Togo

Company:

Pegasus

Variations:

Pegasus is said to be one of the most intrusive spyware programs in the world. The Pegasus mobile phone spyware suite (at times referred to as Q Suite) is created and operated by the Israeli cyber company NSO Group. The company uses different methods to install the software on mobile devices (both iOS and Android) without the user’s knowledge or permission. These include exploiting vulnerabilities in other programs (as was done with WhatsApp) as well as sophisticated deception of the target. Once Pegasus is installed, it contacts the operator’s command and control (C&C) servers to receive and execute the operator’s commands and to send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity and use the GPS function to track a target’s location and movements.

The private equity firm Francisco Partners purchased NSO for $120 million in 2014. NSO has close partnerships with a variety of other Israeli surveillance firms as they seek to spread their spy kit across the world. These include, among others, Ability Inc. Another Israeli company that made headlines for hacking iPhones, Cellebrite, has also been in communication with NSO, though they operate at different levels of police investigations. In 2019, the company was acquired by its founders and management, with the support of European private equity firm Novalpina Capital. Q Cyber, an NSO affiliate, holds 63% of issued ordinary shares.

The research center Citizen Lab[1] has exposed the use of the software by the Mexican government against journalists and human rights activists, by the Moroccan government against human rights activists, by Spain against Catalonian politicians, and many more. The spyware has repeatedly been found deployed to hack journalists, lawyers, and human rights defenders. It was implicated in the killing of Saudi journalist Jamal Khashoggi in Istanbul in 2018. Several alleged targets and civil society figures sued NSO in an Israeli court over the hacking. In 2019, Facebook filed a lawsuit against NSO, alleging computer fraud and claiming that NSO Group tried to infect roughly 1,400 “target devices” with its malicious software to steal valuable information from activists, journalists and others using the messaging app WhatsApp.[2] In the lawsuit, WhatsApp claims that servers controlled by NSO, rather than by government clients, were an integral part of the way the hacks were executed.

According to Citizen Lab, 45 countries were identified with Pegasus spyware infections: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia.[3]

In another report[4], Citizen Lab exposed that dozens of journalists at Al-Jazeera, the Qatari state-owned media company, have been targeted by malware linked to the NSO Group. The malware infected the personal phones of 36 workers at Al-Jazeera. The attacks were tied “with medium confidence” to Emirati and Saudi governments.

Use by Israeli forces:

There is no known use of Pegasus by Israel.
