Two years after the publication of the Pegasus Project, the Pegasus map aims to gather all the information known to date on the spyware. Victims, client countries, judicial and parliamentary investigations: find all this information country by country on the Pegasus map at the bottom of the page.
Published in 2021, the Pegasus Project identified the existence of more than 50,000 potential spyware targets in about 50 countries. According to the data, the largest number of victims is concentrated in Mexico where more than 15,000 numbers were selected.
In total, the investigation identified 12 client governments out of the 40 claimed by NSO, which has always refused to reveal its client list: Saudi Arabia, Azerbaijan, Bahrain, the United Arab Emirates, Hungary, India, Kazakhstan, Mexico, Morocco, Poland, Rwanda and Togo.
For the Pegasus Project, Amnesty International's Security Lab experts analyzed the devices of 67 smartphone users whose numbers appeared on the list of potential targets. In total, they found traces of Pegasus on 37 devices, including in Azerbaijan...
In France…
In Hungary…
In India…
And in Mexico.
Since the revelations of the Pegasus Project, dozens of other Pegasus victims have been identified, including in Armenia, El Salvador, Israel, Jordan, Poland and Spain, among others.
In all, to date, evidence of Pegasus attacks has been found in the phones of more than 420 individuals of over 30 nationalities across four continents, including more than 120 journalists and more than 130 human rights activists, political activists and lawyers.
Six countries have confirmed that they have purchased Pegasus spyware. Mexico, Germany, Hungary, Poland, Spain, Israel.
In the United States, the FBI confirmed the purchase of a "limited license" of the spyware but said there had been "no operational use in support of any investigation," and that it used the software "for product testing and evaluation only."
The impact of the Pegasus Project has been global.
Immediately after the publication of the investigation, demonstrations were organized in several countries, including Hungary and India, where the scandal, dubbed "Indian Watergate," also caused a political crisis. Diplomatic tensions emerged, including between France and Israel.
In the year following the revelations on the use of the spyware, eight countries and the European Union announced the opening of judicial and parliamentary investigations.
The European Parliament adopted the recommendations of its inquiry committee in June 2023, calling on the European Union to implement stricter regulations around spyware usage, sale and production.
Since the Pegasus Project, several complaints have been filed against NSO Group, including by Apple. After WhatsApp, this is the second of the so-called Big Four tech companies to sue NSO Group. In November 2021, the United States blacklisted NSO Group and in March 2023, it announced an executive order to ban U.S. government use of commercial spyware that “poses risks to national security.” As for NSO Group, it has been going through extensive restructuring but appears to have continued providing new versions of its spyware.
The map below details the major revelations about the Pegasus spyware, by country and over time. Click on the highlighted countries to focus on a region of the world and to learn more about global surveillance.