Pegasus Spyware Targeted Over 1,200 WhatsApp Users, Court Documents Show
According to a newly released court document, NSO Group’s Pegasus spyware was used in a 2019 hacking campaign to target a total of 1,223 WhatsApp users across 51 countries, including the Czech Republic and Hungary.
The court filings, published last week, were submitted by Meta as part of a lawsuit it filed in 2019 against the Israeli spyware manufacturer NSO Group. Meta accuses the surveillance tech company of exploiting a vulnerability in its messaging app WhatsApp and infecting the phones of 1,223 users in just two months. Targets of the attack included human rights defenders, journalists, and other members of civil society.
The court document specifically lists the countries where victims infected by Pegasus were located.
The highest number of victims was in Mexico (456 individuals), India (100), Bahrain (82), Morocco (69), Pakistan (58), Indonesia (54), and Israel (51), according to a table titled “Number of victims by country” submitted to the court by WhatsApp.
Victims were also identified in countries such as Spain (12 victims), the Netherlands (11), Hungary (8), France (7), the United Kingdom (2), and the United States (1). One victim was based in the Czech Republic.
“Dozens of articles have been written over the years documenting the use of Pegasus around the world,” cybersecurity expert Runa Sandvik, who has long tracked cases of spyware surveillance, told TechCrunch. “But what’s often missing in those stories is the actual scope of the attacks—the number of victims who were never informed, whose devices were never examined, who chose not to share their story publicly. This list we’re seeing here—456 cases in Mexico alone, a country where civil society victims are already well documented—clearly shows the real scale of the spyware problem,” Sandvik said.
NSO Group and Its Clients
Founded in 2010, NSO Group states on its website that it “helps government agencies prevent terrorism and crime to save thousands of lives around the world.” The company is closely linked to the Israeli government, military, and intelligence services. The spyware itself is classified as a weapon, meaning NSO Group can only work with clients approved by Israel’s Ministry of Defense.
More specifically, the export of NSO’s spyware requires a license granted by the Ministry. Since 2007, Israeli law has regulated the export of cyber technologies. The Defense Export Control Agency (DECA), operating under the Ministry of Defense, is said to “strictly limit” the licensing of certain surveillance tools, making decisions based on its own assessment of potential clients.
Reportedly, there have been instances in which the agency refused to grant NSO the necessary export license. NSO Group claims it sells its software only to security services in democratic countries, where it is used to fight crime. However, media reports suggest that the Israeli state has also used the sale of the software as a diplomatic tool to build and strengthen ties with other nations. In fact, NSO has sold licenses to non-democratic regimes as well.
That said, the presence of a victim in a given country does not necessarily mean that the country’s government was the one that deployed Pegasus against them. The spyware could have been used by a different customer targeting someone located outside their own borders.
As reported by CTech, Syria appears on the list with eleven victims, despite being a country to which NSO is prohibited from selling Pegasus. This suggests that Syrian targets may have been attacked by third countries or foreign intelligence services. On the other hand, countries with the highest number of victims listed in the new court document—Mexico, India, Bahrain, and Morocco—had previously been reported as NSO Group clients.
For example, according to a 2023 New York Times article citing Mexican officials, Mexico spent more than $60 million on NSO Group spyware, which could explain the high number of Mexican victims on the list.
Beyond the victim list, the lawsuit filed by WhatsApp led to further revelations—such as the fact that NSO Group terminated access for ten government clients following reports of abuse, and that its WhatsApp hacking tool cost up to $6.8 million per year in licensing fees. In 2019 alone, the company earned “at least $31 million.”
Last year, WhatsApp secured a landmark legal victory when a U.S. court ruled that NSO Group had violated American anti-hacking laws by targeting WhatsApp users. The next phase of the legal process will determine the amount of compensation the spyware maker must pay to WhatsApp.
Surveillance of Journalists and Activists
The misuse of spyware by governments has been documented by Investigace.cz as part of the global journalistic Pegasus Project.
The most recent known spyware attack targeting journalists took place in Serbia. Amnesty International found evidence that, in February this year, two editors from the Balkan Investigative Reporting Network (BIRN) were targeted through a malicious link sent via the Viber messaging app. This marks the third time in two years that Amnesty has identified the use of Pegasus spyware against Serbian civil society.
The two journalists attacked in February 2025 work for BIRN, a platform whose reporters regularly face threats, harassment, and SLAPP lawsuits—including from high-ranking officials. One example is the current mayor of Belgrade, Aleksandar Šapić, who has filed two separate lawsuits against BIRN Serbia, claiming their reporting defamed him, damaged his reputation, and caused psychological harm. According to BIRN, however, Šapić himself violated the law by failing to declare a villa he owns in Italy to the authorities.
In October last year, it also emerged that the previous Polish government used Pegasus against women’s rights activist Klementyna Suchanow. Similar abuses have been uncovered in other European countries, including Greece and Spain. Hungary was the first EU member state to admit using the spyware.
The Czech version of this story was published on Investigace.cz.
Subscribe to “Goulash”, our newsletter with original scoops and the best investigative journalism from Central Europe, written by Szabolcs Panyi. Get it in your inbox every second Thursday!
