
NSO mobile Pegasus Spyware used in operations in 45 countries

A new report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

A new investigation of the Citizen Lab revealed that the powerful Pegasus mobile spyware was used against targets across 45 countries around the world over the last two years.

Pegasus is surveillance malware developed by the Israeli surveillance vendor NSO Group that can infect both iPhones and Android devices. It is sold exclusively to governments and law enforcement agencies.

Earlier in August, Citizen Lab shared evidence of attacks against 175 targets worldwide carried out with the NSO spyware. Citizen Lab also uncovered attacks against individuals in Qatar and Saudi Arabia, where the Israeli surveillance software is becoming very popular.

Country nexus    Reported cases of individuals targeted    Year(s) in which spyware infection was attempted
Panama           Up to 150 (Source: Univision) [1]         2012-2014
UAE              1 (Source: Citizen Lab)                   2016
Mexico           22 (Source: Citizen Lab)                  2016
Saudi Arabia     2 (Source: Amnesty, Citizen Lab)          2018

A report published by Amnesty International confirmed that its experts identified a second human rights activist, in Saudi Arabia, who was targeted with the powerful spyware.

Now a new report published by Citizen Lab shows that the number of Pegasus infections is greater than initially thought.

Between August 2016 and August 2018, the researchers scanned the web for servers associated with Pegasus spyware and uncovered 36 distinct Pegasus systems in 45 countries by using a novel technique dubbed Athena.

The experts found 1,091 IP addresses that matched their fingerprint and 1,014 domain names that pointed to them.

At least ten of the identified Pegasus operators appear to be actively engaged in cross-border surveillance. At least six countries with significant Pegasus operations (Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates) have been accused in the past of spying on civil society.

“We designed and conducted a global DNS Cache Probing study on the matching domain names in order to identify in which countries each operator was spying. Our technique identified a total of 45 countries where Pegasus operators may be conducting surveillance operations. At least 10 Pegasus operators appear to be actively engaged in cross-border surveillance,” reads the report published by Citizen Lab.

“Pegasus also appears to be in use by countries with dubious human rights records and histories of abusive behaviour by state security services. In addition, we have found indications of possible political themes within targeting materials in several countries, casting doubt on whether the technology is being used as part of “legitimate” criminal investigations.”

Pegasus infections were observed in Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia.

The experts determined the location of the infections using country-level geolocation of DNS servers, but they warn of possible inaccuracies because targets could have used VPNs and satellite connections.
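The DNS cache probing technique the report relies on has a defensive use as well: a network team can ask its own recursive resolver whether a known spyware domain has recently been looked up through it. The example below is added here and is not code from Citizen Lab or from this article; it builds a DNS query with the Recursion Desired (RD) bit cleared, which asks the resolver to answer only from cache, and classifies the reply. The domain name `c2-example.invalid`, the addresses and the authoritative TTL are constructed placeholders, not real Pegasus indicators, and the `send_probe` helper is meant for a resolver you operate. Two caveats a practitioner should keep in mind: a resolver that ignores RD=0 will recurse anyway and return a full, un-decremented TTL (the `age_seconds` field near zero is the tell), and, as the article notes, a hit only tells you which resolver saw the lookup, not where the device behind a VPN or satellite link actually sat.

```python
"""DNS cache probe: does a resolver already hold a name in its cache?

Added example (not from the Citizen Lab report or Security Affairs).
A query with RD=0 asks the resolver not to recurse, so any answer it
returns can only have come from its cache."""
import random
import socket
import struct
from typing import Optional

def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels plus a root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"

def build_probe_query(name: str, txid: Optional[int] = None):
    """Return (transaction id, raw DNS query) for an A record with RD cleared."""
    if txid is None:
        txid = random.randrange(0x10000)
    flags = 0x0000  # QR=0 (query), opcode 0, RD bit 0x0100 deliberately NOT set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # 1 question, no RRs
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return txid, header + question

def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name in a DNS message."""
    while True:
        ln = buf[off]
        if ln == 0:                 # root label ends the name
            return off + 1
        if ln & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + ln

def classify_response(txid: int, resp: bytes, authoritative_ttl: int) -> dict:
    """Decide whether the reply shows the name was already cached."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        return {"verdict": "mismatch"}        # not a reply to our probe
    rcode = flags & 0x000F
    if rcode == 5:
        return {"verdict": "refused"}         # resolver rejects non-recursive queries
    if rcode != 0 or an == 0:
        return {"verdict": "not_cached"}      # honoured RD=0 and had nothing to give
    off = 12
    for _ in range(qd):                       # step over the echoed question section
        off = _skip_name(resp, off) + 4
    off = _skip_name(resp, off)               # first answer RR: name, then fixed fields
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
    off += 10
    rdata = resp[off:off + rdlen]
    addr = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
    # A cached record carries a decremented TTL; the gap to the authoritative TTL
    # approximates how long ago some client resolved the name through this server.
    return {"verdict": "cached", "ttl": ttl, "rdata": addr,
            "age_seconds": max(authoritative_ttl - ttl, 0)}

def make_response(txid: int, name: str, rcode: int, answers) -> bytes:
    """Constructed reply (for offline demonstration only), answers = [(ttl, ipv4)]."""
    header = struct.pack("!HHHHHH", txid, 0x8080 | rcode, 1, len(answers), 0, 0)  # QR=1, RA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    body = b""
    for ttl, ip in answers:
        body += b"\xc0\x0c"                                     # pointer to the question name
        body += struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + body

def send_probe(resolver_ip: str, name: str, authoritative_ttl: int, timeout: float = 2.0) -> dict:
    """Probe a resolver you operate over UDP/53 and classify its answer."""
    txid, query = build_probe_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        resp, _ = sock.recvfrom(4096)
    return classify_response(txid, resp, authoritative_ttl)

def demo() -> dict:
    """Run the classifier over three constructed replies; no network needed."""
    name = "c2-example.invalid"                 # placeholder, not a real indicator
    txid, query = build_probe_query(name, txid=0x1234)
    assert struct.unpack("!H", query[2:4])[0] & 0x0100 == 0   # RD really is clear
    return {
        "cached": classify_response(txid, make_response(txid, name, 0, [(140, "203.0.113.7")]), 300),
        "empty": classify_response(txid, make_response(txid, name, 0, []), 300),
        "refused": classify_response(txid, make_response(txid, name, 5, []), 300),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Run it as-is to see the three verdicts on the constructed replies; to hunt on a real resolver, call `send_probe` with your own resolver's address, a domain from a published indicator list, and that domain's authoritative TTL, and treat a `cached` verdict as a lead to correlate with query logs rather than as proof on its own.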

An NSO Group spokesperson released a statement in response to the report, stressing that the company has never broken any laws, including export control regulations.

“Contrary to statements made by you, our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws,” reads the statement from NSO Group spokesperson Shalev Hulio.

“NSO’s Business Ethics Committee, which includes outside experts from various disciplines, including law and foreign relations, reviews and approves each transaction and is authorized to reject agreements or cancel existing agreements where there is a case of improper use.”

The NSO Group also denied selling in many of the countries listed in the report.


Pierluigi Paganini

(Security Affairs – Pegasus Spyware, surveillance)
