Mexico continues to target activists with Israeli-made Pegasus spyware — NY Times
Citizen Lab watchdog group says country is most prolific user of tool; publishes new insights into NSO Group’s updated targeting of iPhones
Mexico was the first and is the most prolific user of Israeli company NSO Group’s highly controversial Pegasus spyware, according to a New York Times investigation.
According to the report, Mexico has continued to use the hacking software to spy on human rights activists, despite repeated promises to stop doing so. And Israel has not made any move to stop its use in Mexico, despite vowing to prevent the product from being used in any unlawful manner.
In recent years, NSO Group has found itself embroiled in international scandal after being accused of providing the highly invasive spyware to countries with poor human rights records who used it to spy on dissidents, journalists and activists — including Azerbaijan, Bahrain, Kazakhstan, Morocco, Rwanda, Saudi Arabia, Hungary, India and the UAE.
The newspaper reports that the contract between NSO and the Mexican military was signed in 2011 following a meeting in a strip club in Mexico City, and a demonstration of the spyware’s capabilities to then-president Felipe Calderón and then-defense minister Guillermo Galván Galván at a military base.
The software installs itself on a phone without requiring users to click a link, and gives the hacker complete access to the entire contents of the phone, as well as the ability to use its cameras and microphone undetected.
NSO Group has repeatedly denied claims that its spyware has been used to target human rights activists, and says that it only sells to government entities and with the approval of the Israeli government. The company is the subject of ongoing probes and investigations in many countries around the world.

Current Mexican President Andrés Manuel López Obrador has denied that his government used the spyware to hack into the phones of opposition figures or activists, and ran on a campaign promising not to use the software at all.
Citing four sources, The New York Times said Mexico’s military is the longest-running client of Pegasus, and has also used it to hack into more cellphones “than any other government agency in the world.”
Such activity, the report said, has continued as recently as the past few months, including long after Mexican politicians promised to halt the use of the spyware where it is not being used to fight crime. According to an analysis by the Citizen Lab watchdog group, human rights activists Santiago Aguirre and María Luisa Aguilar were hacked by Pegasus multiple times in the second half of 2022.
Citizen Lab published its own report on Tuesday noting that the “forensic visibility” it received through access to the hacked phones of the two Mexican civil rights activists provided it with insight into Pegasus activity.
The watchdog wrote that the spyware’s “attack techniques continue to evolve,” and that it has implemented new “exploit chains” — which can hack phones without the user taking any action — in response to the latest updates of iOS software on iPhones.
The report also stated that the latest versions of the spyware include attempts by NSO Group to “more thoroughly remove data from various iPhone log files, in an apparent attempt to thwart researchers from understanding the nature of the vulnerabilities exploited to compromise phones, and to evade detection.”
In 2021, the US Department of Commerce blacklisted NSO Group based on evidence it “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
However, earlier this month, the Times reported that the US signed a secret contract with NSO to acquire Pegasus shortly after it blacklisted the company.