Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds

Pegasus spyware from NSO Group was used in Jordan to hack the cellphones of journalists, lawyers, human rights and political activists.

Israeli-made Pegasus spyware was used in Jordan to hack the cellphones of at least 30 people, including journalists, lawyers, human rights and political activists, the digital rights group Access Now said Thursday.

The hacking with spyware made by Israel’s NSO Group occurred from early 2020 until last November, Access Now said in its report. It did not accuse Jordan’s government of the hacking.

One of the targets was Human Rights Watch’s deputy director for the region, Adam Coogle, who said in an interview that it was difficult to imagine who other than Jordan’s government would be interested in hacking those who were targeted.

The Jordanian government had no immediate comment on Thursday’s report.

In a 2022 report detailing a much smaller group of Pegasus victims in Jordan, digital sleuths at the University of Toronto’s Citizen Lab identified two operators of the spyware it said may have been agents of the Jordanian government. A year earlier, Axios reported on negotiations between Jordan’s government and NSO Group.

“We believe this is just the tip of the iceberg when it comes to the use of Pegasus spyware in Jordan, and that the true number of victims is likely much higher,” Access Now said. Its Middle East and North Africa director, Marwa Fatafta, said at least 30 of 35 known targeted individuals were successfully hacked.

Citizen Lab confirmed all but five of the infections, with 21 victims asking to remain anonymous, citing the risk of reprisal. The rest were identified by Human Rights Watch, Amnesty International’s Security Lab, and the Organized Crime and Corruption Reporting Project.

NSO Group says it only sells to vetted intelligence and law enforcement agencies — and only for use against terrorists and serious criminals. But cybersecurity researchers who have tracked the spyware’s use in 45 countries have documented dozens of cases of politically motivated abuse of the spyware — from Mexico and Thailand to Poland and Saudi Arabia.

Advertisement. Scroll to continue reading.

An NSO Group spokesperson said the company would not confirm or deny its clients’ identities. NSO Group says it vets customers and investigates any report its spyware has been abused.

The U.S. government was unpersuaded and blacklisted the NSO Group in November 2021, when iPhone maker Apple Inc. sued it, calling its employees “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.”

Those targeted in Jordan include Human Rights Watch’s senior researcher for Jordan and Syria, Hiba Zayadin. Both she and Coogle had received threat notifications from Apple on Aug. 29 that state-sponsored attackers had attempted to compromise their iPhones.

Coogle’s local, personal iPhone was successfully hacked in October 2022, he said, just two weeks after the human rights group published a report documenting the persecution and harassment of citizens organizing peaceful political dissent.

After that, Coogle activated “Lockdown Mode,” on the iPhone, which Apple recommends for iPhone users at high risk.

Human Rights Watch said in a statement Thursday that it had contacted NSO Group about the attacks and specifically asked it to investigate the hack of Coogle’s device “but has received no substantive response to these inquiries.”

Jordanian human rights lawyer Hala Ahed — known for defending women’s and workers rights and prisoners of conscience — was also targeted at least twice by Pegasus, successfully in March 2021 then unsuccessfully in February 2023, Access Now said.

About half of those found to have been targeted by Pegasus in Jordan — 16 in all — were journalists or media workers, the report said.

One veteran Palestinian-American journalist and columnist, Dauod Kuttab, was hacked with Pegasus three times between February 2022 and September 2023.

Along the way, he said, he’s learned important lessons about not clicking on links in messages purporting to be from legitimate contacts, which is how one of the Pegasus hacks snared him.

Kuttab refused to speculate about who might have targeted him.

“I always assume that somebody is listening to my conversations,” he said, as getting surveilled “comes with the territory” when you are journalist in the Middle East. But Kuttab does worry about his sources being compromised by hacks — and the violation of his privacy.

“Regardless of who did it, it’s not right to intervene into my personal, family privacy and my professional privacy.”

RelatedGoogle Links More iOS, Android Zero-Day Exploits to Spyware Vendors

RelatedUS to Adopt New Restrictions on Using Commercial Spyware

RelatedDetails Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...