Publications

At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

Mexican digital rights organization R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021. The infections occurred years after the first revelations of Pegasus abuses in Mexico, and after Mexico’s current President assured the public that the government no longer used the spyware, and that there would be no further abuses.

Our investigation uncovered an extensive Pegasus hacking operation against pro-democracy campaigners in Thailand. At least 30 forensically-confirmed victims of NSO Group’s Pegasus spyware between October 2020 and November 2021.

The Citizen Lab and Access Now have confirmed 35 cases of journalists and members of civil society whose phones were successfully infected with NSO’s Pegasus spyware between July 2020 and November 2021. We shared a sample of forensic data with Amnesty International’s Security Lab which independently confirms the findings.

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.