NSO Group's Pegasus Spyware Sold to Authoritarian Regimes

NSO Group's Pegasus spyware was reportedly sold to government clients in over 45 countries, enabling the complete compromise of smartphones without any user interaction through zero-click exploits. The 2021 Pegasus Project investigation by a consortium of journalists found evidence of 50,000 phone numbers selected for potential surveillance, including journalists, human rights activists, and heads of state. Saudi Arabia reportedly used Pegasus to surveil associates of Jamal Khashoggi before his murder. The US Commerce Department placed NSO Group on its Entity List in 2021 for activities contrary to national security. Apple filed suit against NSO Group in 2021 for exploiting vulnerabilities in iOS.

nso-group has been the subject of increasing scrutiny over its government contracts practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.

Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.