Pegasus Spyware by NSO Group Found in 45 Countries

Last updated November 8, 2018
Written by:
Nitish Singh
Image Courtesy of Negative Space

1091 IP addresses from 45 countries have been identified matching the Pegasus spyware by digital rights organization Citizen Lab. The security unit is based out of the University of Toronto's Munk School of Global Affairs. The researchers were able to identify the IP addresses containing the fingerprint for spyware using a new scanning technique. However, it is unclear if the identified systems are due to an infection or if they have been targeted by foreign countries or operators.

The Pegasus spyware was designed to target iPhone and Android devices and was reported to be purchased by multiple governments. Israel based NSO group’s spyware gained notoriety, and the researchers from Citizen revealed that officials might be conducting surveillance activity from August 2016 to August 2018.

Pegasus Infections

Image Courtesy of Citizen Lab

The countries that were spotted containing the Pegasus spyware include both democratic countries as well as nations with controversial human rights records. Author Bill Marczak mentioned in his report “I can only hope that our research is causing these companies to think twice about sales where there is the potential for spyware abuse, causing potential customers to think twice about being associated with a company dealing with repressive governments, and causing potential investors to think twice about the inherently risky business of selling spyware to dictators.

The report stated that evidence of spyware abuse keeps on increasing over time by the governments. The researchers want companies that develop spyware to think twice before selling such software as it can allow repressive governments to strengthen their dictatorship.

An NSO spokesperson revealed that the list of countries that have been listed is inaccurate and that the organization does not operate in many of them. However, even if the NSO did not sell Pegasus directly to some of the listed countries, there is always the possibility of the spyware being handed down via other sources that acquired it.

What do you think about the spyware being active in so many countries? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: