Pegasus Software and the Rise of Spyware


    Representation of a Data Breach by Pegasus malware. [source]


    Pegasus is a spyware malware existing since 2016 created by the Israeli company NSO Group, operating since 2010. Its role is to provide full access to a smartphone to track criminals and terrorists by exploiting 0-day vulnerabilities. New study highlights great improvement in the malware technology, requiring no manual intervention contrary to the past. Serious breach in its ethical use led to important geopolitical and civil-rights consequences.

    Key Judgement 1

    Pegasus technology has highly likely progressed, making it a dangerous instrument both for national security and for the safety of victims targeted.

    • A media investigation reveals widespread and ongoing exploitation of Israel-based NSO company hacking software Pegasus. The corporation claims is only meant to be used against criminals and terrorists. Only military, law enforcement, and intelligence organizations in 40 unspecified countries are technically allowed to use the business’s espionage capabilities.
    • Clients, which can only be countries, should be approved both by the NSO and the Israeli minister of defence responsible for issuing individual export licences. 
    • Countries that have very likely used this kind of technology for other purposes that the one specified are Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. [source]
    • The malware requires no manual intervention and infects iPhones and Android. It allows users to extract texts, photographs, and emails, as well as record calls, activate microphones and access GPS and encrypted apps such as WhatsApp, Telegram and Signal. 

    Key Judgement 2

    The spyware will likely lead to more targeting of journalists and dissidents as well as breaches in sensitive data in the next 12 month

    • Mexico is one of the main users of the software with more than 15 000 numbers. Among them, the one of Cecilio Pineda Birto recently murdered in a carwash. Even if his phone has not been found after the homicide, it is very likely that Pegasus’ system was central in founding its location. [source]
    • It is very luckily that Washington Post’s Saudi columnist, Jamal Khashoggi, had been another of the victims of the software. Its monitorition by the Saudi services thanks to Pegasus led to his assassination in the Istanbul consulate on October 2, 2018. The Turkish prosecutor investigating his killing was also a target, as well as its relatives and friends. 

    Key Judgement 3

    Targeted countries and entities will likely curtail the illicit use of the malware in the next 12 months.

    • The Pegasus project might spark debates over government monitoring in other countries accused of using the technology.
    • Several countries have opened independent investigations compared to those of NSO and the Israeli government. Indeed, it is likely that breach of devices of Heads of state and members of the government have been committed. [source]
    • The US authorities blacklisted the Israeli group NSO, creator of Pegasus. This will likely complicate its relations with potential US partners, particularly those that allow it to launch attacks. Indeed, NSO Group has used, until this summer, Amazon Web Services.  [source]
    Fake Amnesty International Website containing Sarwent RAT. [source]

    Key Judgement 4

    Private Hacking Firms will try to replicate and develop more sophisticated and discreet spyware like Pegasus malware in the next 12 months.

    • An attack group very luckily based in Russia is attempting to spread malware. He is using the concerns about the deployment of the Pegasus spyware. It created a hoax version of the Amnesty International website with a malicious download that claim protect their devices. 
    • Users downloaded instead a lesser-known RAT (Sarwent) capable of stealing a wide range of sensitive data. Sarwent appears to be similar to a standard antivirus tool. It gives the attacker the ability to upload and run any additional malicious software. It can also access any type of data from the victim device.
    • Cisco Talos discovered and analysed the malware. They state that the actor might not be only trying to easily monetize. Indeed, the low amount of targets on the one hand and the high level of customization of the malware on the other hand, may point to a more experienced character not driven by profit but more grey means [source].
    Sofia Staderini
    Sofia Staderini
    Post-graduate student in International Affairs at Hertie School with a particular focus in International Security. She graduated cum laude in July 2021 in Philosophy, International and Economic Studies at Ca’ Foscari University of Venice with a dissertation on post-truth politics. She took part in several conferences and study projects in Europe such as the Global Studies at the Institute of Maritime Military Studies of Venice, the Bundeszentrale für Politische Bildung’s "War or Peace" program in Berlin, yet ensued by Scuola di Politiche and the Académie Notre Europe. Fluent in Italian, French, English, and Spanish. Currently studying German and Russian.

    Table of contents


    Get the weekly email from Grey Dynamics that makes reading intel articles and reports actually enjoyable. Join our mailing list to stay in the loop for free!

    Related contents

    Learn to create professional videos and have fun in the process of creating videos.
    Video Review And Collaboration.
    Get Started
    Subscribe to our Free Newsletter!