Skip to main content

NSO Group, maker of Pegasus spyware for iPhone and Android

See All Stories
NSO Group

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International that said that Pegasus was being used to mount zero-click attacks against human rights activists and other innocent targets.

An explosive report from Amnesty International interpreted device logs to reveal the scope of targeted malware attacks in active use targeting Android and iPhone devices, since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, as well as record phone calls and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.

Whilst the company claims to only sell the spyware software for legit counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).

In July 2021, Apple issued an iOS security fix that appears to match the exploit reportedly used by NSO, though security researchers say that Apple needs to do more.

NSO initially made contradictory statements, first saying that it had no way to monitor how its software was used, and subsequently denying that it was used against the targets described in Amnesty’s report. It then said it would issue no further statements, and would not be answering any questions from the media.

The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company, and alerting owners of infected iPhones. That put the company under extreme financial pressure, which may see it disappear – or may just make things worse.

For those most at risk – such as diplomats, politicians, government opponents, and activists – Apple has made available iPhone Lockdown Mode, which disables the most common attack paths.

Pegasus spyware journalists had to take extreme measures to avoid becoming victims

Pegasus spyware journalists | Abstract image

Pegasus spyware journalists Laurent Richard and Sandrine Rigaud were the first to discover an extensive list of specific people being targeted by NSO’s clients. In working on the story, they said they had to take extreme privacy precautions to avoid their own devices being compromised.

One of the major uses of Pegasus has been to silence journalists working on revealing abuses by tyrannical governments, so the risk of their own devices being hacked without their knowledge was very real …

Expand Expanding Close

Pegasus spyware defended by NSO’s CEO, as researcher compares it to a nuclear weapon

Pegasus spyware | Nuclear explosion

Pegasus spyware – a zero-click way of remotely hacking an iPhone, and gaining access to all the personal data stored on it – has been defended by the company’s CEO. NSO chief exec said that the company had made “mistakes” in selling it to repressive governments, but claimed that it now sells Pegasus only to countries to whom the US sells weapons.

A security researcher said that the comparison was bogus, stating that a more reasonable comparison would be selling long-range nuclear missiles …

Expand Expanding Close

Pegasus spyware used against anti-corruption journalists in Mexico, despite government promises

Pegasus spyware used | iPhone shown in red lighting

A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.

It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …

Expand Expanding Close

iPhone Lockdown Mode can be easily detected, could make you a target

iPhone Lockdown Mode

iPhone Lockdown Mode is an extreme form of security designed to protect people who might find themselves targets of state-sponsored spyware, like Pegasus. However, a privacy activist says it also makes it easy for a website to detect when someone is using it – and has demonstrated this.

So what is designed to be protection against rogue governments could actually end up helping them identify people who may be of interest …

Expand Expanding Close

Congress wants further crackdown on spyware makers like NSO, after earlier import ban

Spyware makers | Man in darkened room using MacBook

Congress is set to vote on The Intelligence Authorization Act, intended to further punish spyware makers like NSO. It follows evidence that the company’s Pegasus spyware was used to hack iPhones used by American diplomats.

The Commerce Department had already named NSO as a threat to US national security, and banned the import and use of Pegasus, but the bill would take things further …

Expand Expanding Close

Latest Pegasus iPhone hack: Apple warned pro-democracy protestors in Thailand

Pegasus iPhone hack | Protestors and police on the streets

The latest Pegasus iPhone hack to come to light targeted more than 30 pro-democracy protestors. Apple detected that their phones had been infected by NSO’s spyware, and alerted them.

Thailand has been the subject of multiple military coups over the years, the most recent of which was in 2014, with an army-backed leader still in power today after elections widely believed to have been fraudulent …

Expand Expanding Close

NSO Pegasus spyware used by at least five EU countries; interim report published

NSO Pegasus spyware | Purely decorative image showing spy

NSO Pegasus spyware has been used by at least five EU countries, admits the company. The admission was made as part of a European investigation into the impact of Pegasus, with an interim report now published.

It’s likely that the true number is higher, with the company promising to provide a ‘more concrete number’ …

Expand Expanding Close

iPhone spyware maker NSO struggled to make payroll; wants to sell to red-flagged countries

iPhone spyware (purely decorative image)

The financial problems of iPhone spyware maker NSO were so bad by the end of last year that it struggled to make payroll – after the company failed to make a single sale over a period of several months.

The company, which sells software to remotely carry out zero-click hacks of both iPhones and Android smartphones, has been in deep trouble ever since it was blacklisted by the US government. However, its plan to overcome its woes could make Pegasus an even nastier threat …

Expand Expanding Close

Spanish prime minister’s iPhone infected by Pegasus spyware; defense minister, too

Spanish prime minister's iPhone infected by Pegasus spyware

The Spanish prime minister’s iPhone was infected by NSO’s Pegasus spyware, says the government. Defense Minister Margarita Robles’ phone was also hit. This is just the latest in a slew of high-profile Pegasus attacks revealed within the last few weeks.

While it is foreign governments who would most want to target phones belonging to most prime ministers, there’s another obvious suspect in the case of Spain …

Expand Expanding Close

Pegasus targeted US iPhones indirectly; device infected in British prime minister’s office; Catalans targeted in Spain

Black iPhone 13 shown against abstract background | Pegasus targeted US iPhones indirectly

NSO spyware Pegasus targeted US iPhones indirectly, despite the company forbidding customers from infecting phones with American SIMs. Devices belonging to Catalan politicians and others were also infected, with the Spanish government suspected to be responsible.

Additionally, it was discovered that a device connected to the network at 10 Downing Street – the office of British prime minister Boris Johnson – was also infected …

Expand Expanding Close

Pegasus hacked the iPhone of award-winning journalist, weeks after Apple’s injunction attempt

Pegasus hacked the iPhone of award-winning journalist

It’s been revealed that NSO’s Pegasus hacked the iPhone of an award-winning journalist, just weeks after Apple sought an injunction that would bar the company from targeting iPhone users.

NSO’s Pegasus software is so dangerous for two reasons. First, it gives access to almost all the data on the phone, including messages, photos, and location. Second, it works via a zero-click approach …

Expand Expanding Close

US version of Pegasus spyware was bought and tested by the FBI in 2019, but never used

US version of Pegasus was bought and tested by the FBI

A special US version of Pegasus smartphone spyware was created by NSO, and purchased by the FBI, a new report reveals today. The Drug Enforcement Agency, Secret Service, and the US military also held discussions with the Israeli spyware company.

Israel had always insisted that NSO make Pegasus incapable of being used on phones registered to US numbers in order to avoid angering a powerful ally, but an exception was granted…

Expand Expanding Close

Israel police reportedly use Pegasus spyware on country’s own citizens, without warrants


It’s being reported today that Israel police are using NSO’s Pegasus spyware on the country’s own citizens, including opponents of former Prime Minister Benjamin Netanyahu. NSO had previously claimed that Pegasus would not be used within Israel.

The phone hacks are said to have been carried out without warrants and without any judicial oversight.

Expand Expanding Close

Latest suspected NSO phone hack: Journalists and activists in El Salvador

Latest suspected NSO phone hack

Another suspected NSO phone hack has come to light, this of journalists and activists in El Salvador. Most of the journalists were working for an online news service that has been reporting extensively on alleged government corruption.

Two journalists contacted Citizen Lab after suspecting that their phones had been compromised, and an investigation confirmed their suspicions, and found that they weren’t the only ones …

Expand Expanding Close

New report suggests Uganda used NSO spyware to hack State Department iPhones

Uganda used NSO spyware to hack State Department iPhones

We learned earlier this month that NSO’s Pegasus spyware was used to hack US State Department iPhones in Uganda, with no clue at the time who the attacker was.

A new report strongly suggests that the Ugandan government was behind the attacks, as the country – which has an appalling human rights record – is now known to have purchased the spyware. It also appears that this was, indirectly, the tipping point that led to NSO’s downfall…

Expand Expanding Close

After US ban and Apple action, Pegasus spyware maker NSO running out of cash

Pegasus spyware maker NSO running out of cash

Pegasus spyware maker NSO Group is reportedly running out of cash following actions by both the US government and Apple. This has led the company to explore options to put itself up for sale.

Two US funds have expressed an interest, claiming that they would change the company’s mission from offensive to defensive, though skepticism has been expressed about this …

Expand Expanding Close

Apple alerted Polish prosecutor that her iPhone has likely been compromised by NSO

Apple alerted Polish prosecutor of NSO attack

As part of hitting back at spyware company NSO, Apple alerted a Polish prosecutor that her iPhone appears to have been compromised by Pegasus. This also gives us our first look at the text of Apple’s security alerts.

Although Poland has not admitted purchasing and using the spyware, there is significant evidence that it has done so …

Expand Expanding Close

Apple will alert customers who may have been targeted by NSO

Apple will alert customers who may have been targeted by NSO

Journalists, lawyers, politicians, and human rights activists have all been targeted by NSO’s Pegasus software, and Apple has now said that it will send security alerts to customers whose devices may be been compromised. It has already done so for at least five Thai activists and researchers.

It follows Apple’s announcement yesterday that it is suing NSO for attacking iOS users …

Expand Expanding Close