Pegasus spyware has gained notoriety since it was used by various governments to spy on and suppress journalists, activists, and civil society groups. On November 10, 2021, this reality crashed onto the smartphone of Varuzhan Geghamyan, an assistant professor at Yerevan State University in Armenia, who was surprised to discover that his device had been compromised by the malware. It was Apple that sent him a notification: the American manufacturer filed a complaint against NSO at the end of 2021 and set up a program to alert iPhone users targeted by Pegasus. The company also helps organizations fighting this type of malware.
A sophisticated spy tool
Geghamyan was not an isolated case. A joint investigation by Access Now, Citizen Lab, Amnesty International, CyberHub-AM, and independent security researcher Ruben Muradyan found that he was one of 13 Armenian public officials, including journalists, former government officials, and at least one United Nations official, whose phones were targeted by Pegasus.
At that time, Varuzhan Geghamyan gave public lectures and commented on the situation on local and state media. He focused primarily on the ongoing conflict in Nagorno-Karabakh, a territory internationally recognized as part of Azerbaijan but seeking independence with the support of Armenia. The area has been the scene of violent clashes between Armenia and Azerbaijan since the fall of the Soviet Union. But in September 2020, these tensions exploded into open warfare that lasted about six weeks and left more than 5,000 people dead. Despite a ceasefire agreement, fighting continued in 2021.
In 2022, Human Rights Watch documented war crimes against Armenian prisoners of war, and the region suffered a massive blockade that deprived tens of thousands of people of basic commodities. Researchers have found that most of the victims of Pegasus espionage were infected during the period of the war and its aftermath. “Most of those targeted were those working on issues related to human rights violations,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab.
The NSO Group has regularly claimed that it only authorizes the use of its products by governments, particularly law enforcement and intelligence agencies. Previous reports revealed that Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, Togo, and the United Arab Emirates were all likely customers of NSO Group. In 2022, the company announced that it would no longer sell its software to non-NATO countries.