We are presenting here our most complete analysis to date of the Pegasus spyware. This blog post builds on previous technical reports and forensic investigations by Amnesty International’s Security Lab. Significantly it also draws on previously unpublished internal NSO Group marketing material and internal technical material which was disclosed as part of a long-running civil case taken by WhatsApp and Meta against NSO Group in a U.S. court.
Amnesty International’s Security Lab has republished a selection of the key documents cited on GitHub, in the interest of making this important material more accessible for all researchers and advocates working on spyware accountability efforts.
We are working towards a longer report building on this investigation to be published at a later date.
–____________________________________
This technical analysis provides the most detailed view yet into the inner workings of the Pegasus spyware system. This includes confirmation of key technical capabilities such as the infection vectors and methodologies used to infect devices, supported by analysis of internal NSO Group documents, that until now had only been identified via forensic investigations. It also presents new material further validating the accuracy and significance of the dataset underpinning the original Pegasus Project investigation. Finally, this research provides an updated analysis, drawing on previously published Pegasus forensic evidence and newly released materials, to validate the technical methodology used to forensically link Pegasus spyware attacks targeting different victims as originating from the same Pegasus customer.
A key aim of this publication is to document and demystify the functionality and operations of technological systems like Pegasus. We hope that it will inform the wider spyware accountability community on how complex surveillance systems such as Pegasus are used by government customers, and also illustrate the key and ongoing role of spyware vendors in keeping such systems operational. We believe this public understanding is of critical value to technologists, researchers, and policy makers and others with an interest in understanding the targeted surveillance ecosystem and threats posed to human rights by surveillance technologies.
The contents of this technical research draw heavily on a large pool of confidential NSO Group training material, presentations and internal technical documentation which were disclosed as part of a long-running civil case taken by WhatsApp and Meta against NSO Group in U.S. court. This new material provides an unprecedented insight into the evolution of NSO Group’s spyware. It also reveals the close and ongoing collaboration needed between Pegasus customers and NSO Group to keep the complex spyware system operational.
This technical analysis has been prepared by Amnesty International’s Security Lab in its role as a technical partner to a new Forbidden Stories investigation building on the findings of the 2021 Pegasus Project. As technical partner, Amnesty International’s Security Lab provided analysis of evidence relating to the use of surveillance technologies, including NSO Group’s Pegasus spyware.
1. The Pegasus infection process from the attacker perspective
Pegasus is sold to governments as an “end-to-end” cyber-intelligence solution. NSO Group is responsible for building and integrating the various technical components needed to perform spyware attacks, including creating exploits and infection vectors, deploying and monitoring anonymization servers, and designing a user interface which allows the ultimate end-user – a government customer – to perform highly technically sophisticated attacks with little need for technical capabilities of their own.
Key components of the system, including the Pegasus user dashboard and the storage servers which archive surveillance data gathered from a victim’s device, are installed locally in the customer country, often in a server room at the customer site or headquarters.
However, other important components of the Pegasus system, particularly those used to send attacks and securely transfer the surveillance data from infected devices, are run and managed by NSO Group.
To keep attacks from being traced back to the customer, NSO Group operates much of the delivery and relay infrastructure in a anonymized fashion. In NSO’s own terminology, this is referred to as “whitened” infrastructure. A dedicated NSO team, “White Services” is responsible for acquiring this infrastructure while aiming to prevent any attributable connection to NSO Group or the Pegasus customer. Much of the server infrastructure appears to be paid for with cryptocurrencies in order to achieve that goal. (Source: “Video Deposition of Ramon Eshkar”, ECF 796-5 pg 84). To avoid cross-contamination, NSO Group builds separate independent infrastructure and accounts for each customer, where technically feasible.

Figure 1: “Anonymized nodes server only a single client” (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 14)
The NSO Group ‘managed services’ fall into two key categories: the anonymizing server and relay network, and the “whitened” accounts used to send exploits and interact with external service providers (such SMS messaging services).
The first category includes what NSO Group has termed the “Pegasus Anonymizing Transmission Network” (PATN), which is the custom VPN network used to hide the location and actions taken by the Pegasus customer system. It is used to send the spyware payload to the target device, and to forward collected surveillance data back to the customer’s on-site system, arranged so that neither the target nor an investigator can readily identify the customer or the wider Pegasus network behind it.
The second category, examined later in this report, includes the individual attack accounts, infection domains and servers used against a customer’s targets. The “White Services” department creates, as a standard practice, fresh, customer-specific accounts and domain names for each customer (Source: ECF 800-3 pg 2–11). This practice aligns with the Security Lab’s own forensic observations that a given account or domain is only found on target devices which could plausibly have been targeted by the same customer. This crucial observation, now confirmed by NSO Group documentation, allows attacks to be reliably clustered and attributed based on forensic evidence.
Due to the complex technical nature of the spyware system and network, NSO Group maintains a Network Operation Center (“NOC”) responsible for monitoring customer systems for technical faults and or operational security alerts. Customer-facing documents state that while NSO Group’s support staff and the NOC “can see security alerts, they cannot view any collected target or operational-related data” (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 22). This real-time monitoring capability suggests that NSO Group must receive some level of telemetry or alerts from customer systems, necessary to detect failed or exposed infection attempts.

Figure 2: 24/7 Support Center monitors security (Source: ECF 796-15 pg 22).
The Pegasus Dashboard: Users, Groups, and Cases
Central to the customer’s use of the spyware is the Pegasus dashboard. It allows the spyware operators, working for NSO’s government customers, to manage and interact with all key aspects of the system including launching new spyware infections and analysing the retrieved surveillance data.

Figure 3: The Pegasus 3 Dashboard (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 25)
NSO Group provides the Pegasus dashboard as a user-friendly browser-based console, only accessible locally on the government customer’s premises. The system is built with confidentiality in mind. The system distinguishes multiple roles for each individual user account such as analyst, operator, supervisor, and administrator.

Figure 4: Tiered permissions limiting case visibility by user and group (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 29)
Any surveillance operation using Pegasus is managed and controlled inside “groups” and “cases” (See Figure 4). System administrators or other individuals on the customer-side with supervisor privileges can assign specific individuals, termed ”analysts”, to one or more groups. Groups are used to manage system permissions for analysts, determining which cases they have access to. Once assigned to groups and cases, analysts gain the ability to view gathered surveillance records and, depending on system permissions, to launch new surveillance operations. This layered permissions system means access to case information is tightly restricted on the customer side and on a need-to-know basis. Individual analysts are only able to see their assigned cases and do not have visibility into how the overall system is being used. Individual analysts and cases can be assigned to more than one group.

Figure 5: A case organizes targets around a key intelligence topic (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 15)
Targeting in the Pegasus system begins with the opening of a “case”. A case is used to “organize and manage targets” and can be used to group intelligence-gathering efforts around a “key intelligence topic” such as a particular organization or a particular investigation (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 22). Multiple individual targets can be added inside a single “case”.
Launching a Pegasus attack: target selection, device fingerprinting, and vector delivery
Once the case is created, the spyware operator (the person using the Pegasus system) can add new prospective spyware targets to the case. For each target, the operator can enter one or more phone numbers. The target phone number is the primary identifier used in the Pegasus system. The phone number is often all that is needed to perform an attack.
Pegasus training material describes situations where it may not be possible to attack a target directly, for example if they do not use a smartphone or are highly security conscious in how they use their device. In those circumstances, NSO Group suggests expanding to “close-circle infection”, targeting others connected to the target, potentially including colleagues, friends or family members of the primary target in order to gather information about them indirectly.
Pegasus use has previously been documented against the family members of political opposition members and journalists, including some who were children when they were targeted.

Figure 6: Close-circle infection (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 16)
Once the target phone number is added, the Pegasus system will then perform “fingerprinting” steps to determine critical information about the target device. This verification step is needed before an attack can be launched. The fingerprinting step includes checking:
- if the target phone number is attached to a smartphone (rather than another type of device),
- if the phone runs Android or iOS,
- if the phone is currently switched on and connected to the mobile network,
- the phone’s current network,
- if the phone is roaming in another country and
- what apps are installed on the device (such as WhatsApp or iMessage).
This fingerprinting process occurs only after the target phone number has been entered by the Pegasus operator as a potential target. As this process can require active probes being sent to the target device and network, it has the potential to leave forensic traces in various locations, such as in logs of which messenger accounts have tried communicating with a device.
When referring to Pegasus Project records, Amnesty International uses the terminology selected or selected for targeting to refer to phone numbers entered in the Pegasus system as potential targets. Being entered in the system and selected as a target already shows the intention of the Pegasus operator to carry out covert surveillance on the target device, whether or not it was ultimately infected.

Figure 7: Validation steps the system performs before launching an attack (Source: “Mobile Endpoint – Product Description”, ECF 796-15 pg 46).
The fingerprinting results help the Pegasus system, and the spyware operator using it, to determine if they have a viable opportunity to attempt infecting the device, and if so, which “installation vector” (exploit) should be used against the target. NSO Group internal material appears to use the term “vector” broadly, referring at times to a particular exploit, and other times to a broader capability (i.e zero-click targeting WhatsApp). We will similarly use “vector” to refer both to the attack technique and to specific exploits.
Each Pegasus deployment is bound by licensing restrictions on the customer side, including the number of unique targets, the number of simultaneous infections and the countries that may be targeted. The country code of the target’s number and the phone’s current location are checked against these terms before an infection can proceed. Certain countries, such as the United States and Israel, are barred for most customers. However, this is a policy rather than a technical limitation, and NSO Group has indicated that customers based in those countries could be provided the capability to infect local numbers. There are also likely exceptions for NSO Group-managed systems used to perform demonstrations of the product for potential customers, as will be seen later in this report.
The list of permitted countries can change over time, and a customer may license additional countries subject to approval by NSO Group and most likely the relevant export authority.
The Pegasus infection process
Group). The set of supported vectors is constantly evolving as new vectors get developed by NSO Group and exploits get patched by device vendors or otherwise stop working. These are broadly divided into zero-click (“Covert”) or 1-click (“Triggered”) vectors, defined by the user-interaction required for the infection process to succeed. Section 3 (“The evolution of Pegasus Infection Vectors”) reviews what is known about Pegasus infection vectors in more depth.
Once the operator approves the infection attempt (“Installation”), the Pegasus system will begin carrying out the spyware infection process in the background. The operator can monitor the stages of the infection attempt and will get a notification if the spyware agent is successfully installed on the device, or if it fails for some reason.
Figure 8: Diagram showing manual steps triggered by the operator, and automatic steps managed by the system (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 14)
Documents from the WhatsApp court case include a screenshot of a failed Pegasus infection attempt which provides further details about the infection process. The status page (shown below in Figure 9) shows the home mobile operator and current network of the target’s phone number, information likely derived from a Home Location Register (HLR) lookup. An HLR lookup reveals which network or country a mobile subscriber is currently connected to, without alerting the subscriber. A separate internal NSO Group document indicates that HLR lookups are an integrated part of the target validation process (Source: “Pitch: Happy Flow”, ECF 679-6 pg 95).
The screenshot also shows that the selected installation method was “Covert” (zero-click) and as such did not require use of an SMS message provider or a social engineering cover story. Additionally, the failure message says “interaction was made with the device; you may try again later”, showing that failed infection attempts could also result in forensic traces being left on a device. Internal design documents show NSO Group explicitly addressing and documenting device interactions and other operational security risks when designing new infection vectors.

Figure 9: Error message showing a failed “Covert” (zero-click) infection attempt (Source: “Expert Report of Anthony Vance”, ECF 796-6 pg 13)
Other operational security and targeting restrictions also apply to protect the customer and NSO Group from exposure, including limiting how often the same person can be targeted, and the wait period between subsequent targeting attempts. These operational security restrictions differ between vectors and NSO Group appears to maintain a system called “Abuse Prevention” to manage these restrictions for customers (Source: ECF 796-18 pg 14). Spyware operators may want to test the system and ensure a vector is correctly configured before launching it against an important target. This appears to have been common practice. An NSO Group employee described in court testimony that the Pegasus system had a “whitelist” feature to allow repeated test infections, without any waitperiod restrictions, against one or more testing devices in the possession of the customer. (Source: “Video Deposition of Ramon Eshkar”, ECF 796-5 pg 82). The show that customers may perform test infections as part of normal usage of Pegasus system.
Such repeated infection attempts would otherwise be blocked for operational security reasons. This testing activity would result in the operator or operator-controlled phone numbers being selected as a target phone number, and in the spyware operator’s test numbers being recorded in logs created by the Pegasus system. As a result, investigations drawing on Pegasus Project targeting records have been able to identify suspected spyware operator-owned phone numbers selected in multiple countries, likely for testing purposes.

Figure 10: Demo Pegasus interface showing the status of various installation attempts (Source: “Expert Report of Anthony Vance”, ECF 796-6 pg 15)
After a successful installation, the operation moves from targeting to collection. The “Investigate” area of the dashboard (second tab seen in the top left corner of Figure 10) lets the operator view and manage all data exfiltrated from the compromised devices. For each compromised device, the data is organized by data type including calls, messages, email, calendar, contacts, browsing, files, applications, and photos.

Figure 11: Pegasus interface shown to operator after successful infection of a target (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 25)
Notably, the system also presents a “credentials” tab, likely containing saved passwords, authentication tokens and other credentials gathered from the victim’s device.
Access to these stolen credentials provides an opportunity for the Pegasus operator to gain and maintain access to sensitive online accounts of the victim, even when the mobile device itself is no longer infected. Indeed, partial redacted documentation from a 2018 Pegasus product description explicitly talks about the power of data accessible from cloud accounts “Cloud brings in a continual flow of information that can last months at a time.

Figure 12: Description of Pegasus data collection capabilities from cloud accounts (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 12)
In addition to providing access to collected surveillance data, the Pegasus dashboard also allows the spyware operation to queue up new actions (“Commands”) to be performed on the infected target device. In Figure 13 below, the “Commands” module allows active commands to be sent to one or more targets in a group, including to take photos using the phone’s camera, turn on the phone’s microphone or report the location of the target. Other documents indicate that such active steps (“recording from the microphone”) can be pre-scheduled and run automatically when the target is known to have an important meeting scheduled in their calendar.

Figure 13: Pegasus commands module allowing for manual action to be launched on the target device. (Source: “Pegasus 3 – Introduction” presentation, ECF 796-13 pg 27)
The newly public NSO Group material provides valuable new evidence on internals and capabilities of a sophisticated mercenary spyware product. The documents confirm and validate years of civil society research on the operations and functionality of the Pegasus spyware. They also provide new and important visibility into the workflow and exact methodology used by customers of the Pegasus spyware to target and infect devices.
All of the Pegasus marketing material, technical documentation and other documentation cited in this section originates from legal fillings in the WhatsApp v NSO Group lawsuit which are now in the public domain. All referenced material has also been mirrored to support further research efforts.
2. New material further validates significance of Pegasus Project leak
As part of the 2021 Pegasus Project, Amnesty International had access to a leaked database of phone numbers selected as potential Pegasus targets by NSO Group customers around the world. Numerous individuals, whose phone numbers appear in the original leak, have later been forensically confirmed to have been infected with Pegasus, by many different Pegasus customers.
The underlying dataset is clearly divided into distinct groups of phone numbers which, in most cases, map directly to a specific Pegasus customer or customer system. This allows for a presumptive attribution based on the geographical scope and individual targets selected in each group. For ease of reference, we will refer to the distinct groups of targeted phone numbers as “clusters” rather than “customers” or “operators” because not all groups map directly to specific production customers.
Some of these target groups or “clusters”, as will be shown, appear to tie directly to internal NSO Group controlled Pegasus systems used when performing pre-sales demos of the Pegasus system for potential clients given the evidence in the WhatsApp filings. Another cluster appears to have been used for internal testing within NSO group, with phone numbers associated with multiple NSO Group staff members appearing in that cluster.
Two of the clusters in the original Pegasus Project leak map directly to a Pegasus deployment which NSO Group internally refer to as “Sales 3” and “Sales 6”, identified in the documents from the WhatsApp court case. A screenshot of a Pegasus dashboard (Figure 10) included in the WhatsApp filings shows numerous apparent test infections targeting numbers in various countries in 2019 including Israel, Peru, Brazil and the United States (Source: “Expert Report of Anthony Vance”, ECF 796-6 pg 15). Many of these same phone numbers also appear in the Pegasus Project cluster which we infer is tied to “Sales 3” system.
Additionally, a US phone number “+12027655322” – which WhatsApp court-filings indicate was used by an NSO Group sales representative – was repeatedly selected for targeting in two Pegasus Project clusters corresponding to NSO Group’s “Sales 3” and “Sales 6” systems. Pegasus Project records show the phone number was selected for targeting again on 9 May 2019, the same day that the NSO Group representative sent a screenshot of a failed infection attempt targeting that phone number to NSO Group’s Network Operations Center (NOC).

Figure 14: Installation status panel for Pegasus on the phone number +12027655322. (Source: “Expert Report of Anthony Vance”, ECF 796-6 pg 10)
The same witness document filled by WhatsApp also includes an infection attempt in May 2019 targeting a Peruvian phone number “+51937742595”, again apparently as part of a demonstration. The Pegasus Project records again show the same Peruvian phone number was selected on 7 May 2019 in the two clusters associated with NSO Group’s “Sales 3” and Sales 6” Pegasus deployments.

Figure 15: Installation status panel for Pegasus on the phone number +51937742595. (Source: “Expert Report of Anthony Vance”, ECF 796-6 pg 13)
In sum, the newly disclosed WhatsApp material provides a further, independent verification of the evidentiary value of the Pegasus Project dataset. The dataset repeatedly records phone numbers belonging to NSO Group employees, falling within clusters that correspond to internal Pegasus deployments used for software testing and pre-sales demonstrations, including two which NSO Group internally labels “Sales 3” and “Sales 6”. This close correspondence between infection attempts carried out on NSO Group-managed Pegasus systems and Pegasus Project records, demonstrates that the Pegasus Project data reflects and corresponds with genuine activity on Pegasus systems. It stands in direct contradiction to NSO Group’s repeated position that “we still do not see any correlation of these lists to anything related to use of NSO Group technologies” (Source: The Guardian, 18 July 2021).
The Pegasus Project records are highly consistent with the findings of Amnesty International’s independent forensic investigations. Individuals whose devices we have forensically confirmed as targeted and infected with Pegasus, reappear in the Pegasus Project records as targets of one specific Pegasus customer system. In these cases, the victim’s phone number was frequently selected, or re-selected, shortly before an infection attempt was carried out, as evidenced by the Whatsapp filings.
3. Evolution of Pegasus Infection Vectors
Internal NSO Group documentation and marketing material describes the evolving set of infection vectors (exploits and infection techniques) offered to customers over time, from targeting Blackberry devices as seen in an early 2013 brochure, to developing advanced attacks targeting iPhones. Broadly these include Triggered (1-click), Covert (zero-click), Tactical Network Element (“Network injection via MiTM”), and Inline (network injection), and “Physical” where the operator has physical access to the device. One redacted methodology most likely refers to infection of a device over radio interfaces (such as WiFi or Bluetooth) when “within range” of the target device (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 12).


Figure 16: Excerpt from Pegasus product manual showing support infection methodologies (Source: “Pegasus version 3.0 – Product Description. August 2018”, ECF 796-15 pg 12)
Zero-click attacks are preferred in the system where available and supported for the target device. When a zero-click or “Covert” attack vector is not supported for a particular device, the system will suggest performing a “Trigged” infection. The Pegasus system can then aid the operator to craft and send a tailored social engineering message to attempt to infect the target (see Figure 17).
The precise vector (or exploitation technique) is not necessarily revealed to the operator. Instead, the system proposes the best high-level approach based on the current system capabilities and the target’s device, labelling it in broad terms such as “iOS Covert”, “Android Covert” or “iOS Triggered”.
The set of infection vectors supported by NSO Group has evolved over time due to the development of new capabilities and the changing set of devices and operating systems used by targets. Older NSO Group marketing material from 2013 describes capabilities to infect Blackberry devices which appears to have become less important as Android and iOS devices have come to dominate the mobile phone market.
Pegasus 1-click attacks require action from the target to enable the infection of their device, typically by opening a malicious link. Various social engineering techniques are used to trick the target into opening the link, including spoofing legitimate websites or news articles.

Figure 17: Screenshot of a Viber message containing a 1-click attack, received by the Serbian journalist “Bogdana” on her iPhone (Source: Amnesty International. Serbia: Journalists targeted with Pegasus spyware).
If clicked on, the attack link loads an exploit chain to first compromise the web browser and ultimately install the spyware agent on the target device. Amnesty International’s Security Lab has detected 1-click Pegasus spyware attacks on multiple occasions, including in Serbia, Poland, India and Mexico, among others.
The same zero-day exploits which target web-browsers can also be used to perform a form of zero-interaction attack, if the Pegasus customer has the cooperation of the target’s mobile operation. So-called network injection attacks use networking traffic manipulation to redirect a target’s phone to a malicious spyware infection URL simply while the target is browsing the web.
Infection with Zero-click attacks
Forensic investigations conducted prior to this technical research indicate that NSO Group had remote zero-click capabilities against iOS from at least 2017, and against most Android devices from early 2018.
These insights into NSO Group infection vectors gleaned from forensic investigations are now validated and significantly deepened by new NSO Group material disclosed as part of the WhatsApp case. Zero-click vectors targeting Android devices via WhatsApp were the only Covert/zero-click vector method in the 2018-2020 period, although the exact underlying exploit changed over this time. The expert report of Anthony Vance reproduces an internal NSO support document recording that “Pegasus 2.50 is officially approved for production. This version introduces: – Heaven – the first 0-clicks installation vector for Broad Android devices!”, and states that “Other installation attack vectors used by Pegasus/Phantom are ‘Eden’ and ‘Erised,’ and these and Heaven are referred to by the umbrella term ‘Hummingbird,’ all of which exploit WhatsApp in order to install Pegasus/Phantom” (Source: ECF 796-6 pg 17). Heaven was first released for production use around January 2018 (Source: ECF 796-19 pg 13). The ERISED vector was delivered via WhatsApp but appears to have only been functional on Samsung devices. The Samsung-only exploit shows similarities to more recent in-the-wild Samsung zero-click exploits, which used manipulated DNG files targeting the Quram library, an image parsing library specific to Samsung devices.
NSO Group also had multiple iOS vectors during that time, although the WhatsApp material is less detailed on these vectors. A zero-click vector “Diablo” was available in 2018 and likely corresponds to an exploit targeting iOS 11.X devices which has been observed forensically as targeting the Voice-over-WiFi implementation on iOS. A message from an NSO pre-sales engineer, put to Joshua Shaner at his deposition, lists the vector alongside Heaven: “Tomorrow at ten we’ll have a demo in Israel for a potential client visit (Smart). Sales 4, one-click, Diablo and Heaven. Thanks.” (Source: ECF 796-5 pg 129) NSO Group later rolled out a new iOS 12.X vector “Dragonfly” which targeted via iMessage. The vector was used very actively throughout 2019 until the vector was likely inadvertently mitigated in iOS 12.4.1 in response to Google Project Zero research into the iMessage zero-click attack surface (Source: Virus Bulletin 2022, “Exploit archaeology: a forensic history of in-the-wild NSO Group exploits”).
Previous forensic investigations by Amnesty International’s Security Lab have found that NSO Group continued to deploy further iPhone zero-click exploits in 2020 and 2021 including an iOS 13 zero-click vector targeting Apple Photos, an iOS 13 zero-click exploit targeting iMessage (publicly termed KISMET) and the widely documented iOS 14 zero-click (publicly termed Megalodon/FORCEDENTRY).
5. Forensic Attribution of attacks based on customer-specific Indicators of Compromise
Testimony from NSO Group employees, published following the WhatsApp litigation, describes a dedicated team – the “White Services” department – responsible for anonymously registering the email addresses, WhatsApp accounts, servers and domains needed for Pegasus on behalf of each customer. The team set these up in a deliberately anonymized way, to shield the customer and the wider Pegasus infrastructure from discovery by the targets or researchers (Source: Ramon Eshkar Designation List Report, ECF 800-3 pg 2–11).
The Pegasus zero-click vectors which target Apple devices will typically be configured by the operator with specially created “attack” accounts used to send exploits over Apple services like iMessage. Historically, NSO Group’s “White Services” (see Section 1, above) team has first created anonymous Google or Outlook email accounts, and later registered these accounts for use with iCloud to be used in Apple device targeting. This is why many of the malicious Apple accounts used for Pegasus attacks and detailed in this section are also Gmail addresses.
As discussed in Section 1 earlier, for operational security reasons, NSO Group prepares a distinct, isolated set of infrastructure for each customer. While this is intended to protect customers from exposure, historically it has also provided a key opportunity for the forensic attribution of observed Pegasus attacks to a specific Pegasus customer.
It is possible to use customer-specific indicators of compromise (IoCs), such as iCloud accounts used to send zero-click infection attempts, to forensically link (or cluster) multiple Pegasus infections as having been performed by the same Pegasus customer. The unique, per-customer assignment of a zero-click attack account is what allows attacks to be clustered and attributed: where the same iCloud account appears across multiple targets, those targets were selected by the same Pegasus customer. Phone numbers targeted by the same attack accounts have typically had a geographic or thematic link that suggests a common Pegasus operator. Other technical evidence, such as the timeline of attacks, reinforces the evidence that attack infrastructure is customer-specific. Across hundreds of cases, Amnesty International has never detected evidence to suggest a single attacker account or infection domain being used by more than one Pegasus customer.
Zero-click attack accounts are also understood to be created for use with a specific infection vector. Different WhatsApp accounts were created and used when a new variant of NSO Group’s WhatsApp zero-click was launched. Similarly, forensic analysis carried out by Amnesty International’s Security Lab has found different Apple accounts being used when a new iOS zero-click vector is deployed by the same customer.
In some instances, multiple Pegasus-linked malicious iCloud accounts were observed sending probes to a target phone over a number of minutes, likely indicative of the customer’s Pegasus system automatically testing different infection vectors to see which can be used to infect the device. Testimony from NSO Group employees indicates the choice of vector was made internally in the system, and was not a visible choice for the surveillance operator. This behaviour, where multiple Pegasus attacker accounts were used to probe the same target device, also allowed researchers to link the unique email accounts used for different vectors to the same customer.
6. Conclusion
The internal NSO Group material disclosed in the WhatsApp litigation, supporting and enhanced by Amnesty International Security Lab’s forensic investigations, provides the most complete picture to date of how the Pegasus system is built, operated and maintained. Three findings are particularly notable.
First, Pegasus is not a product that is operated autonomously by the government customer. NSO Group builds new exploits and infection vectors, registers and operates the “whitened” (anonymized) infrastructure used to deliver them, and runs a “Network Operation Center” to monitor key components of the system, including responding to security alerts raised by failed or potential detected attack attempts. Every software update released by the companies selling mobile devices and managing their operating systems (such as Apple) can break infection vectors or techniques, requiring ongoing maintenance and support by NSO Group for any customer system to remain functional. The system cannot operate without NSO Group’s ongoing involvement.
Second, the newly disclosed documents independently corroborate the authenticity and accuracy of the leaked dataset foundational to the Pegasus Project. Two clusters of target phone numbers in the leaked Pegasus Project records link directly to two internal NSO Group-managed Pegasus deployments that NSO Group internally labels “Sales 3” and “Sales 6”, used for pre-sales demonstrations. Other clusters appear to be linked to a Pegasus system used for internal testing.
Test infection attempts shown in NSO Group’s own Pegasus dashboards appear in the Pegasus Project records with the same specific test phone numbers and matching targeting dates. As previously documented in the original Pegasus Project, the records also correspond closely with forensically confirmed infections against the same targeted devices and phone numbers. NSO Group has long claimed that the Pegasus Project data bears no relation to its technology. The forensic evidence and confirmation with NSO Group’s own testing of Pegasus shows otherwise.
Third, NSO Group’s “White Services” team registers unique attack infrastructure for each customer, including Apple IDs and their associated email addresses, domains and servers. Amnesty International has never observed a given attacker account or infection domain being used by more than one customer at any time. The accounts and domains recovered in forensic analysis therefore function as customer fingerprints. Where the same account or domain recurs across different victims, Amnesty International assesses that those victims were targeted by the same customer.
Evidence relating to the “White Services” team validates the methodology of the spyware accountability community in linking clusters of spyware attacks to the same operator. The same methodology has and continues to be invaluable for the further attribution of Pegasus spyware attacks to the responsible customer.


