October 3, 2022

NSO Group’s Pegasus spyware discovered on devices of Mexican activists and journalists

Though the government denies involvement, a new report suggests the controversial hacking tool is being deployed.

By Claudia Glover

Controversial spyware Pegasus has once again been used to target human rights activists and journalists, this time in Mexico, a new report suggests. The phones of at least three Mexicans were accessed using the hacking tool during the term of current leader President Andrés Manuel López Obrador, the research from Citizen Lab claims.

Reports suggest Pegasus spyware has been discovered on devices of Mexican human rights activists and journalists. (Photo by Suriel Ramzal/Shutterstock)

Citizen Lab, working with Mexico’s Red en Defensa de los Derechos Digitales (R3D), says it has found Pegasus spyware being used against two journalists and one human rights activist in Mexico. Each of the individuals has been conducting research into alleged human rights abuses carried out by the Mexican government. All three were infected using zero-click attacks, meaning no interaction from the victims was required to gain access to their respective devices.

The report does not suggest who has launched the Pegasus attacks. Obrador has repeatedly claimed his government does not spy on citizens. In a press conference in July last year, the Mexican president said that “this does not happen. The government does not spy on anyone”.

Pegasus spyware used in Mexico activist surveillance

According to the report, human rights activist Raymundo Ramos Vázquez was targeted by Pegasus spyware at least three times between August and September 2020, after speaking to the media about the publication of a video which apparently showed the killing of civilians by the Mexican army. 

Journalist and author Ricardo Raphael was hacked with Pegasus at least three times between October and December 2019 while on tour for a book that provides an account of the Los Zetas Cartel and its origins in the Mexican army. Raphael was then targeted again in December 2020 after he accused Mexico’s attorney general of serious misconduct in the investigation of the Iguala mass disappearances case, a notorious mass-kidnapping which took place in 2014.

An anonymous journalist working at the media outlet Animal Politico was also hacked in June 2021 after publishing a report on human rights violations carried out by the Mexican Armed Forces.

The report goes on to highlight that the information the victims appear to have been targeted for would be useful not only to the Mexican government but also, “troublingly, to cartels”. These allegations come years after lawyers for cartel victims’ families were also targeted using Pegasus, Citizen Lab claims.

NSO Group told Tech Monitor that Citizen Lab is unable to differentiate between NSO’s tools and those of other cyber espionage companies in operation, stating that previous reports of Pegasus being deployed “were proven to be wrong”.

A spokesperson for the company said: “Review by NSO Group is the only way to truly verify the accuracy of the data, but Citizen Lab refuses to share its data, so as to report predetermined outcomes that intentionally mislead the public. NSO does not operate Pegasus, has no visibility into its usage, and does not collect information about customers or who they monitor.

“NSO licenses Pegasus solely to law enforcement and intelligence agencies of sovereign states and government agencies following approval by the Israeli government. When we determine wrongdoing, we terminate contracts.”

The controversy of NSO’s Pegasus Spyware

Pegasus is an extremely effective form of spyware, which has allegedly been used by authoritarian regimes around the world to access devices of political opponents, human rights activists and their families. 

As reported by Tech Monitor, it was deployed on devices of officials in the UK government earlier this year. Former prime minister Boris Johnson’s office, and the Foreign Office, were both infected in April. The infections were related to operators linked to the United Arab Emirates, India, Cyprus and Jordan.

In the same month, at least five officials in the European Commission were targeted by the spyware. One month later the Spanish prime minister Pedro Sánchez and the country’s defence minister Margarita Robles were hacked and 2.73 GB was consequently lifted from Sánchez’s device. 

The software was blacklisted by the US Department of Commerce in November last year, with the department stating the NSO tool threatens “the rules-based international order” when sold to repressive foreign governments.

In August the company’s chief executive Shalev Hulio announced that he would be stepping down, to be replaced by Yaron Shohat, its former chief operating officer. NSO, which is based in Israel, claims it is now focused on selling to Nato member states following this reorganisation. 
