The Israeli-made Pegasus spyware, sold by the cyberoffense firm NSO to state intelligence agencies around the world, has become infamous in recent years. Exploiting unknown loopholes in WhatsApp, iMessage and Android has allowed the group’s clients to potentially infect any smartphone and gain full access to it – in some cases without the owner even clicking or opening a file.
Digital forensics groups such as Amnesty International and the University of Toronto’s Citizen Lab have revealed numerous potential targets with traces of the spyware on their phones. Last summer, Project Pegasus – led by Paris-based NGO Forbidden Stories with the help of Amnesty’s Security Lab – organized an international consortium of journalists, including Haaretz and its sister publication TheMarker, to investigate thousands of additional potential targets selected for possible surveillance by NSO Group clients worldwide.
So far, targets have been found across the world: from India and Uganda to Mexico and the West Bank, with high-profile victims including U.S. officials and a New York Times journalist.
Now, for the first time, Haaretz has assembled a list of confirmed cases involving Pegasus spyware. (Are we missing someone? Do you have a tip? Email us here)
Though there have been over 450 suspected hacking cases, this list, which was put together with the help of Amnesty’s Security Lab, includes only the cases in which infections were confirmed either by Amnesty or another digital forensics group like Citizen Lab (which also helped construct this list). It also includes a few instances where official bodies such as French intelligence agencies or private firms like Apple or WhatsApp have publicly confirmed attacks.
The list does not include those suspected of being targeted – for example, Amazon’s Jeff Bezos, who was reportedly sent the spyware via a WhatsApp message from no less than Saudi Crown Prince Mohammed bin Salman. Rather, it is those who have actually been found with Pegasus on their phones.
The NSO Group, which refuses to confirm the identity of its clients and claims it has no knowledge of their targets, has denied most of these cases and says digital forensic analysis cannot fully identify its software.
Police use NSO’s Pegasus to spy on Israelis without warrant, report says
Israeli NSO spyware found on phones of Jordanian, Bahraini women’s rights activists
Police using Pegasus spyware against Israelis shows: NSO is an arm of the state
NSO scandal shows Israelis are fine with human rights violations as long as judges approve
The gap between the massive list of potential targets and those who were actually infected highlights how hard it is to confirm the presence of Pegasus spyware on phones. For instance, a private investigation commissioned by Bezos himself found that his phone had received a strange message from Crown Prince Mohammed, after which the tycoon’s device began sending out a lot of data. However, Bezos was reluctant to hand his phone over to anyone other than the handpicked investigators he had hired; they said it was very likely his phone had been infected.
Here is the list of most, if not all, known and confirmed Pegasus cases. They are sorted by the nationality of the victims or their country of residence when they were targeted.
The list of confirmed cases is followed by an additional list of names of those who have been confirmed to have been targeted but whose actual infection has not been verified.
The NSO Group logo on one of its Israeli offices. AMIR COHEN/REUTERS
AZERBAIJAN
Khadija Ismayilova
The Azerbaijani investigative journalist based in Baku was targeted repeatedly for over three years as part of government persecution as a result of her work, the Project Pegasus investigation revealed.
Sevinc Vaqifqizi
Freelance Azerbaijanii journalist Vaqifqizi was found by Amnesty and Forbidden Stories to have had their phone infected with Pegasus in 2019 and 2020.
EL SALVADOR
Carlos Mart?nez
A reporter for El Faro, he was one of over 35 journalists and members of civil society groups infected by the Pegasus spyware between July 2020 and November 2021.
Nine El Faro journalists
The following journalists with El Faro were all found by Citizen Lab to have been infected by the Pegasus spyware: Gabriela C?ceres, Carlos Dada, Carlos Ernesto Mart?nez D’aubuisson, Julia Gavarrete (who had two phones hacked), Valeria Guzm?n, Ana Beatriz Lazo, Rebeca Monge, V?ctor Pe?a, Nelson Rauda.
Noah Bullock
The head of Cristosal, a human rights organization based in El Salvador, who was also found by Citizen Lab to have been infected.
Ricardo Avelar
A journalist with El Diario de Hoy, Citizen Lab confirmed that his device had been infected.
Jose Marinero
An official with the activism group Fundaci?n DTJ in El Salvador whose phone was found by Citizen Lab to have been infected.
Xenia Hernandez
Another official with the activism group Fundaci?n DTJ in El Salvador whose phone was found by Citizen Lab to have been infected.
Oscar Luna
An activist with the digital rights group Revista Digital Disruptiva. Citizen Lab found that their phone had been infected.
Mariana Belloso
An independent journalist whose phone was found by Citizen Lab to have been infected by the Pegasus spyware.
Carmen Tatiana Marroqu?n
An economist and columnist whose phone was found by Citizen Lab to have been infected by the Pegasus spyware.
Read our full story on Pegasus in El Salvador
FRANCE
L?na?g Bredoux
The investigative journalist and general editor of Mediapart was confirmed to have been infected by Pegasus. The confirmation was made by France’s computer security agency following Project Pegasus. Bredoux was involved in a story about the head of Morocco’s intelligence agency, a known NSO client.
Edwy Plenel
The investigative journalist with Mediapart was confirmed to have been infected by Pegasus. The confirmation was made by France’s computer security agency following Project Pegasus.
Unnamed France 24 journalist
A senior journalist with France 24 was confirmed to have been infected by Pegasus in May 2019, September 2020 and January 2021. That was confirmed by France’s computer security agency after Project Pegasus.
Claude Mangin
French national whose husband, Naama Asfari, is jailed in Morocco for advocating for Western Saharan independence. As part of Project Pegasus, it was found that at least two of her phones were infected.
Suspected operator: Morocco
Read our full story on Pegasus in France
HUNGARY
D?niel N?meth
A Hungarian photojournalist involved in covering President Viktor Orb?n and the country’s elites, two of his phones were infected in 2021. Direkt36, working with Citizen Lab and Amnesty’s Security Lab, confirmed the infections.
Zolt?n P?va
The former Hungarian politician, now the publisher of an opposition news website, was also infected by Pegasus in March and May 2021.
Adrien Beauduin
A gender studies student at Central European University in Hungary, Beauduin was confirmed to have had his phone infected after being arrested in a protest against Orb?n’s policies.
Szabolcs Panyi
The journalist with Direkt36, which was a partner in the Pegasus Project, was infected a number of times in 2019. The confirmation was made by Amnesty as part of the global investigation.
Andr?s Szab?
An investigative journalist with Direkt36, Szab?’s phone was infected a number of times in 2019. The confirmation was made by Amnesty as part of the global investigation.
Brigitta Csik?sz
A Hungarian journalist covering crime stories, Csik?sz’s phone was infected in 2019 – which was confirmed by Direkt36 and Amnesty.
Read our full story on Pegasus in Hungary
India’s Congress party workers protesting against phone surveillance after Pegasus was discovered on party members’ phones. PRAKASH SINGH / AFP
INDIA
Jagdeep Singh Randhawa
Human rights lawyer and activist from Punjab had his phone hacked in July and August 2019.
Mangalam Kesavan Venu
Founding editor of The Wire – a nonprofit Indian investigative journalism outlet that was part of the Project Pegasus investigation – was found to have been infected with the spyware.
Paranjoy Guha Thakurta
Investigative journalist who was looking into how the Modi government used Facebook to spread disinformation; Amnesty confirmed his phone had been infected by NSO’s spyware as part of the Project Pegasus investigation.
Prashant Kishor
Political pollster working with a number of opposition parties in India, his phone was infected in 2018, Amnesty confirmed, months before an election – in what critics say was an attempt by Modi’s party to use the spyware to collect political information.
Rona Wilson
An activist focused on minorities and prisoners’ rights, digital forensics firm Arsenal Consulting found that his phone had been infected in July 2017 and April 2018. His phone number appeared in the Project Pegasus leaks.
Syed Abdul Rahman Geelani
Geelani (also known as SAR Geelani), a Delhi University professor serving time in India for ties to an outlawed Maoist group and prisoners’ rights activist, was found by Amnesty to have been infected between 2017 and 2019.
Sushant Singh
A journalist who covered defense issues for The Indian Express, and was investigating a massive deal between India and France, was found by Amnesty to have been infected as part of Project Pegasus.
S.N.M. Abdi
Journalist for India’s Outlook had his phone infected by Pegasus in April 2019, May 2019, July 2019, October 2019 and December 2019, Amnesty found as part of Project Pegasus.
Bela Bhatia
An Indian human rights lawyer whose phone was found to have been infected in 2019, and is one of five victims who are part of WhatsApp suit against NSO.
Unnamed legal officer
The legal officer was also confirmed to have been hacked with spyware following the Project Pegasus investigation.
Ankit Grewal
The lawyer and so-called anti-caste activist was found to have been targeted in 2019 – one of a large group of victims named by WhatsApp in its suit against NSO.
Read our full story on Pegasus in India
JORDAN
Hala Ahed Deeb
Jordanian human rights lawyer, unionizer and feminist activist was found by Front Line Defenders to have been infected with Pegasus since March 2021.
KAZAKHSTAN
Aizat Abilseit, Dimash Alzhanov and Tamina Ospanova
Three members of the opposition group Wake Up, Kazakhstan whose phones were found by Amnesty’s Security Lab to have been infected by Pegasus in June 2021. Apple also warned them about the hack, which it attributed to a “state-sponsored attacker.”
Darkhan Sharipov
The Kazakh activist’s phone was also found by Amnesty to have been infected by Pegasus in June 2021.
Suspected operator: Kazakhstan
Read our full story on Pegasus in Kazakhstan
LEBANON
Lama Fakih
The director of Human Rights Watch’s crisis and conflict director and heads the group’s Beirut office, was targeted with Pegasus spyware at least five times between April and August 2021, HRW and Amnesty International’s Security Lab found.
Suspected operator: Unknown
MOROCCO
Hicham Mansouri
Freelance investigative journalist and co-founder of the Moroccan Association of Investigative Journalists had his iPhone infected with Pegasus more than 20 times between February and April 2021, the Project Pegasus investigation revealed. Mansouri fled Morocco in 2016 and is now based in Paris.
Mahjoub Mleiha
Human rights activist from Western Sahara who is active in the Collective of Sahrawi Human Rights Defenders, now lives in Belgium, where he is also a citizen. Amnesty found that his phone had been infected.
Shawan Jabarin, director of the al-Haq human rights group. One of the Palestinian NGO’s workers’ phones was infected by Pegasus. Majdi Mohammed/AP
Joseph Breham
A French lawyer who is involved in a lawsuit against Saudi Crown Prince Mohammed over claims of torture and inhumane treatment in Yemen. Amnesty confirmed that his phone had been infected with Pegasus using the same type of messages other alleged victims in Morocco also received.
Oubi Buchraya Bachir
Sahrawi diplomat who has served as its representative in a number of African countries. Amnesty confirmed as part of Project Pegasus that his phone was infected.
Maati Monjib
Founder of the Moroccan Association for Investigative Journalism and the NGO Freedom Now (dedicated to protecting the rights of journalists and writers), Amnesty found that his phone had been infected in 2019.
Omar Radi
An independent, award-winning Moroccan journalist whose phone was found by Amnesty to have been infected in 2019.
Suspected operator: Morocco
PALESTINIAN TERRITORIES (WEST BANK)
Ghassan Halaika
Human rights activist working for Al-Haq, a Palestinian NGO blacklisted by Israel, whose phone was infected in July 2020. The confirmation was made by human rights organization Front Line Defenders.
Ubai Aboudi
The phone of the director of the Bisan Center for Research and Development, a Palestinian NGO blacklisted by Israel, was infected in 2020 and confirmed by Front Line Defenders.
Salah Hammouri
Lawyer and researcher with the Addameer Prisoner Support and Human Rights Association, a Palestinian NGO blacklisted by Israel, whose phone was infected in 2020, according to Front Line Defenders.
Three unnamed activists
Phones of three activists working with Palestinian NGOs blacklisted by Israel were infected in 2020, and confirmed by Front Line Defenders.
Suspected operator in all six cases: Israel
Polish prosecutor Ewa Wrzosek holding her phone outside her Warsaw office last month. Czarek Sokolowski/AP
Read our full story on Pegasus in the West Bank
POLAND
Krzysztof Brejza
Polish senator and member of the opposition party Civic Platform whose phone was confirmed to have been infected over 30 times in 2019. The confirmation was made by Citizen Lab and reported by AP.
Roman Giertych
A lawyer who has represented leaders of Brejza’s Civic Platform party in sensitive cases, and was confirmed to have been infected over 10 times in 2019. The confirmation was made by Citizen Lab.
Ewa Wrzosek
The phone of the prosecutor and critic of the ruling Law and Justice party’s attempt to undermine Poland’s judiciary was confirmed to have been infected a number of times in 2019. The confirmation was made by Citizen Lab after she received a notification from Apple warning that her phone had been hacked.
Michal Kolodziejczak
The agrarian social movement leader was hacked several times in May 2019 ahead of a fall election in which Kolodziejczak was hoping to have his group, AGROunia, become a formal political party. Courts have so far blocked his efforts to form a political party.
Tomasz Szwejgiert
An author and collaborator with Polish secret services who found himself at odds with powerful figures was hacked while co-authoring a book about the head of Poland’s secret services, Mariusz Kaminski. He was hacked 21 times with Pegasus from late March to June of 2019.
Suspected operator in all three cases: Poland
Read our full story on Pegasus in Poland
Hatice Cengiz, fiancee of the murdered Saudi journalist Jamal Khashoggi, talking to the media last year. MURAD SEZER/REUTERS
RWANDA
Carine Kanimba
A U.S.-Belgian citizen, Kanimba is the daughter of Rwandan activist Paul Rusesabagina, who was arrested and forcibly returned to the country. Her father’s plight inspired the 2004 movie “Hotel Rwanda” and she was confirmed by Amnesty to have been hacked at the start of 2021.
Peter Verlinden
The Belgian journalist stationed in Africa has worked for the national Flemish broadcaster VTR. Belgian intelligence services and Amnesty found that his phone had been infected in September, October and November 2020.
Marie Bamutese
The phone of Peter Verlinden’s wife was also found to have been hacked. This was confirmed by Belgium’s General Intelligence and Security Service.
Suspected operator: Rwanda
SAUDI ARABIA
Hatice Cengiz
The Turkish national was the fianc?e of the late Washington Post columnist Jamal Khashoggi, and her phone was infected a few days after her partner was murdered at the Saudi Embassy in Istanbul in October 2018 – as revealed by Amnesty as part of Pegasus Project.
Omar Abdulaziz
A close friend of Khashoggi’s, Abdulaziz’s phone was infected with Pegasus in the months before the Saudi dissident’s murder in 2018, CItizen Lab found. Based in Canada, he has filed a lawsuit against NSO in Israel.
Wadah Khanfar
Al Jazeera’s former director general and another close friend of Khashoggi, Amnesty found that his phone was infected as recently as July 2021.
Egyptian dissident Ayman Nour speaking in Istanbul in 2019. Burhan Ozbilici/AP
Ragip Soylu
A Turkish journalist who heads Middle East Eye’s bureau in Ankara. Amnesty confirmed that his phone was infected several times between February and July 2021.
Ben Hubbard
The phone of the New York Times journalist was confirmed by Citizen Lab to have been infected between June 2018 to June 2021 while he was based in Lebanon, reporting on Saudi Arabia and writing a book about Crown Prince Mohammed.
Suspected operator in all cases: Saudi Arabia
Read our full story on Pegasus in Saudi Arabia
UNITED ARAB EMIRATES
Alaa al-Siddiq
Executive director of ALQST, a nonprofit advocating for human rights in the UAE and the Gulf region. Her phone was found to have been infected a number of times from 2015, when she was living in Qatar (where she had moved to flee persecution), and up until 2019, when she had relocated to Britain. She died in a car crash in 2021. Citizen Lab made the hacking confirmation.
Ayman Nour
Egyptian dissident, 2005 Egyptian presidential candidate and opposition activist. Citizen Lab found his phone had been infected by Pegasus, as well as an additional spyware called Predator – which was developed by NSO competitor Cytrox.
Suspected operator: UAE
Rania Dridi
A journalist with Alaraby TV, she had her phone infected at least six times during 2020, as confirmed by Citizen Lab.
Tamer Almisshal
Investigative journalist for Al Jazeera in Arabic who has covered the Gulf region extensively, including the Khashoggi killing. His phone was infected in 2020, Citizen Lab confirmed.
Ebtisam al-Saegh
Bahraini human rights activist focused on women’s rights. Front Line Defenders found that her phone was hacked at least eight times between August and November 2019. Saegh had been arrested in Bahrain for her activism in the past and has faced persecution for her work.
Mexican President Andres Manuel Lopez Obrador speaking last July about allegedly being targeted by the previous administration of President Enrique Pena Nieto after it purchased Pegasus spyware from N MEXICO’S PRESIDENCY / REUTERS
34 Al Jazeera staffers
The phones of 34 other journalists, producers, anchors and executives at Al Jazeera were confirmed to have been infected in 2020, Citizen Lab reported.
Suspected operator: Saudi Arabia, Bahrain and/or the UAE
UNITED KINGDOM
David Haigh
The human rights lawyer and LGBTQ activist who represented Princess Latifa of Dubai was the first British target confirmed to have been infected by Pegasus. He supplied Amnesty with his phone in the wake of Project Pegasus.
Anas Altikriti
Muslim anti-war activist based in the U.K. whose phone was confirmed to have been infected with Pegasus. His interfaith thinktank, the Cordoba Foundation, has been accused of maintaining ties with the Muslim Brotherhood and Hamas. Suspected operator: UAE
UNITED STATES
11 unnamed U.S. officials
Eleven officials with the U.S. State Department in Uganda were confirmed to have been hacked with Pegasus. The revelation led to a U.S. Department of Commerce decision last November to blacklist NSO.
Suspected operator: Uganda or Rwanda
LIST OF THOSE WHO HAVE ALSO BEEN TARGETED BY PEGASUS:
Ahmed Mansoor (Emirati human rights activist)
Rafael Cabrera (Mexican journalist)
Dr. Simon Barquera (Mexican researcher)
Alejandro Calvillo (Mexican whistleblower)
Luis Encarnaci?n (Mexican activist)
Karla Micheel Salas (Mexican human rights lawyer)
David Pe?a (Mexican human rights lawyer)
Carmen Aristegui (Mexican journalist)
Emilio Aristegui (son of Carmen Aristegui)
Sebasti?n Barrag?n (Mexican journalist)
Carlos Loret de Mola (Mexican journalist)
Salvador Camarena (Mexican journalist)
Daniel Liz?rraga (Mexican journalist)
Mario E. Patr?n (Mexican human rights activist)
Stephanie Brewer (U.S. human rights activist working in Mexico)
Santiago Aguirre (Mexican human rights activist)
Juan Pardinas (Mexican anti-corruption activist)
Juan Pardinas’s wife
Alexandra Zapata (Mexican journalist)
Azam Ahmed (Former New York Times bureau chief for Mexico)
Ricardo Anaya Cort?s (Mexican lawyer/politician)
Sen. Roberto Gil Zuarth (Mexican senator)
Fernando Rodr?guez Doval (Mexican politician)
Claudio X. Gonz?lez (Mexican anti-corruption activist)
GIEI investigation (Mexican probe into mass disappearances)
Ghanem Almasarir (Saudi dissident)
Yahya Assiri (Saudi activist)
Unnamed Amnesty International employee
Abdessadak El Bouchattaoui (Moroccan journalist)
Griselda Triana (Mexican journalist)
Nihalsing Rathod (Indian human rights lawyer)
Priyanka Gandhi Vadra (General secretary, Indian National Congress)
Santosh Bhartiya (Indian journalist)
Shubhranshu Choudhary (Indian peace activist)
Unnamed U.K. lawyer
Shalini Gera (Indian lawyer)
Degree Prasad Chauhan (Indian human rights activist)
Anand Teltumbde (Indian activist)
Ashish Gupta (Indian activist)
Seema Azad (Indian activist)
Vivek Sundara (Indian activist)
Saroj Giri (Indian activist)
Sidhant Sibal (Indian journalist)
Rajeev Sharma (Indian journalist)
Rupali Jadhav (Indian activist)
Jagdish Meshram (Indian lawyer)
Alok Shukla (Indian activist)
Ajmal Khan (Indian research scholar)
Balla Ravindranath (Indian lawyer/activist)
Mandeep Singh (Indian activist)
P. Pavana (Indian, daughter of activist P. Varavara Rao)
Arunank (Indian law graduate)
Smita Sharma (Indian journalist)
Hanan Elatr (wife of Jamal Khashoggi)
Jorge Carrasco (Mexican journalist)
?lvaro Delgado G?mez (Mexican journalist)
Princess Latifa al Maktoum (daughter of the prime minister of the UAE)
Princess Haya bint Hussein (estranged wife of the prime minister of the UAE)
Juan Mayer (aerial photographer who recorded Princess Latifa’s skydives)
Lynda Bouchikhi (Princess Latifa’s officially sanctioned chaperone)
Sioned Taylor (friend of Princess Latifa)
Martin Smith (head of U.K. private security firm hired by Princess Haya)
Shimon Cohen (British PR expert)
Ross Smith (head of investigations at U.K. private security firm hired by Princess Haya)
John Gosden (British horse trainer, friend of Princess Haya)
Aisha bint Hussein (half sister of Princess Haya)
Stuart Page (British private investigator)
K.K. Sharma (former Indian Border Security Force chief)
Jagdish Maithani (Indian Border Security Force officer)
Jitendra Kumar Ojha (former Indian espionage officer)
Jitendra Kumar Ojha’s wife
Col. Mukul Dev (former Indian army officer)
Rupesh Kumar Singh (Indian journalist)
Rupesh Kumar Singh’s wife
Devirupa Mitra (Indian diplomatic correspondent)
Vijaita Singh (Indian journalist)
Daniel Liz?rraga (El Salvadorian journalist)
Efren Lemus (El Salvadorian journalist)
Gabriel Labrador (El Salvadorian journalist)
Jos? Luis Sanz (El Salvadorian journalist)
Mar?a Luz N?chez (El Salvadorian journalist)
Mauricio Ernesto Sandoval Soriano (El Salvadorian journalist)
?scar Mart?nez (El Salvadorian journalist)
Roman Gressier (El Salvadorian journalist)
Roxana Lazo(El Salvadorian journalist)
Sergio Arauz (El Salvadorian journalist)
Beatriz Benitez (El Salvadorian journalist)
Ezequiel Barrera (El Salvadorian journalist)
Xenia Oliva (El Salvadorian journalist)
Plus 1,400 other potential targets who WhatsApp believes were hacked
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish