In September 2018, The Citizen Lab, a Canadian cybersecurity organisation, published a comprehensive report identifying 45 countries, including India, in which the spyware was
being used. https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/
Between August 2016 and August 2018, we scanned the Internet for servers associated with NSO Group’s Pegasus spyware. We found 1,091 IP addresses that matched our fingerprint and 1,014 domain names that pointed to them. We developed and used Athena, a novel technique to cluster some of our matches into 36 distinct Pegasus systems, each one which appears to be run by a separate operator...Our findings paint a bleak picture of the human rights risks of NSO’s global proliferation. At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.
This article gives some technical details..on how it is done..
This report identifies 45 countries with suspected Pegasus spyware infections operated by at least 33 likely NSO customers. We determined this by performing DNS cache probing on domain names we extracted from command and control (C&C) servers matching a newly devised fingerprint for Pegasus. We grouped the C&C servers, with each group representing a single Pegasus operator (assumed to be an NSO customer) using a technique that we call Athena. The resulting global map of NSO Pegasus infections reveals several issues of urgent concern.
Known spyware abusers operating Pegasus
While some NSO customers may be using Pegasus spyware as part of ‘lawful’ criminal or national security investigations investigations, at least six countries with significant Pegasus operations have a public history of abusing spyware to target civil society.
Widespread cross-border surveillance with Pegasus
Ten Pegasus operators appear to be conducting surveillance in multiple countries. While we have observed prior cases of cross-border targeting,
Failures at due diligence, contribution to global cyber insecurity
The cases identified in this report raise serious doubts as to the depth and seriousness of NSO’s due diligence and concern for human rights protections. They also suggest that the company has a significant number of customers that maintain active infections in other countries, likely violating those countries laws.
Reckless Exploit Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/
https://tspace.library.utoronto.ca/bitstream/1807/96731/1/Report%2393--recklessexploit.pdf