NSO's Pegasus spyware found on the devices of six Palestinian activists
The mobile phones of six Palestinian human rights activists have been infected with Pegasus, a spyware strain developed and sold by Israeli surveillance company NSO Group.
The malware was found by members of Frontline Defenders, a non-profit organization that works to protect human rights activists. Their findings were independently verified and confirmed by security researchers from Amnesty International and Citizen Lab.
Three of the hacked Palestinian activists agreed to have their names included in the reports. All three work for human rights and civil society groups that Israel added to a list of terrorist organizations in October 2021.
EU and UN officials, along with several international non-profits, condemned and disputed this designation as misleading and unsubstantiated.
But investigators also pointed out that the Pegasus malware infections pre-dated this designation, with some infections going back as far back as July 2020.
| Target | Position | Approximate dates when phones were hacked | SIM(s) |
|---|---|---|---|
| Ghassan Halaika | Field researcher and human rights defender working for Alhaq | (1) 2020-07-14 – 2020-07-18 | (1) MCC 425, MNC 07 (HOT Mobile – IL) |
| Ubai Aboudi | Executive Director at Bisan Center for Research and Development | (1) 2021-02-12 – 2021-02-17 | (1) MCC 425, MNC 05 (Jawwal – PS) |
| Salah Hammouri | Lawyer and field researcher at Addameer Prisoner Support and Human Rights Association based in Jerusalem | (1) 2021-04-12 – 2021-04-30 | (1) MCC 425, MNC 02 (Cellcom ltd. – IL) |
| T4 | Human rights defender | (1) 2021-04-12 | (1) MCC 425, MNC 02 (Cellcom ltd. – IL) |
| T5 | Human rights defender | (1) 2021-02-10 (2) 2021-04-03 (3) 2021-04-12 | (1) MCC 425, MNC 01 (Orange/Partner – IL) |
| T6 | Human rights defender | (1) 2020-11-04 | (1) MCC 425, MNC 05 (Jawwal – PS) |
"Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers," Amnesty International said in their report.
"NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers," Amnesty added, highlighting again one of the company's many contradictory statements about how the Pegasus malware is supposed to work and its safeguards.
Unfortunately, investigators didn't find sufficient evidence to link the six hacked smartphones to any organization or government agency.
Over the past few years, NSO Group has become one of the most notorious spyware sellers in the world, next to HackingTeam and the Gamma Group.
Historically, Pegasus spyware has been associated with autocratic regimes. Known countries that have been identified as NSO and Pegasus customers include Israel, Qatar, Uzbekistan, Morocco, Mexico, Yemen, Hungary, Saudi Arabia, and Bahrain, among many others.
It's exactly this particular clientele that has gotten the NSO Group in hot water last week when the US Department of Commerce sanctioned the NSO Group and three other hacking tool makers.
In NSO's case, the US cited the fact that the company "developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.