Two days after the murder of award-winning Mexican journalist Javier Valdez Cárdenas, two of his colleagues began receiving text messages laden with NSO Group’s Pegasus spyware. To date, 24 targets of Pegasus have been identified in Mexico. This case additionally illustrates an alarming trend of spyware attacks around the world specifically aimed at journalists.

The Citizen Lab has sent an open letter to Francisco Partners in light of the apparent misuse of NSO Group’s technology– a company in which we believe Francisco Partners has a majority stake– and to request timely action in regards to issues raised in previous correspondence.

In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz’s phone was infected with NSO’s Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.

في هذا التقرير ، نَصِف كيف تم استهداف المقيم الدائم في كندا، والمنشق السعودي؛ “عمر عبد العزيز”، عبر إشعار مزيف عن “تتبع شحنة بريد”. نحن وجدنا -وبثقة عالية- أن هاتف عبد العزيز قد تم استهدافه ببرنامج التجسس “بيغاسوس” من شركة NSO. نعزو هذه الإصابة إلى مشغل “بيغاسوس” مرتبط بالمملكة العربية السعودية.

عَمِلنا في هذا البحث على تطوير تقنيات جديدة لمسح الإنترنت لتحديد 45 بلداً قد يقوم فيها مشغلو برامج التجسس بيغاسوس من شركة NSO بإجراء عمليات تجسس.

In this post, we develop new Internet scanning techniques to identify 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.

Citizen Lab validates Amnesty International investigation showing targeting of staff member and Saudi activist with NSO Group’s technology.

This letter requests a follow up to correspondence Citizen Lab sent to Francisco Partners in February after we discovered the apparent use of the products of its portfolio company, Sandvine, to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt.

Claudio X. González, the director of Mexicanos Contra la Corrupción y la Impunidad (MCCI: Mexicans Against Impunity and Corruption), becomes the 22nd known individual abusively targeted with NSO’s spyware technology in Mexico.