Amnesty International’s Security Lab has confirmed that at least four Kazakhstani civil society activists have had their mobile devices infected with NSO Group’s Pegasus spyware. A forensic analysis shows that all four activists had been targeted and their devices infected from as early as June 2021, Amnesty International said today.

In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware. Through the course of our subsequent investigation we discovered that a Saudi activist based abroad had also received similar malicious messages. In its analysis of these messages, Amnesty International found connections with a network of over 600 domain names. Not only are these domain names suspicious, but they also overlap with infrastructure that had previously been identified as part of Pegasus, a sophisticated commercial exploitation and spyware platform sold by the Israel surveillance vendor, NSO Group.