Loading...
Whistleblower alleges Morocco used Pegasus spyware to target journalists
The whistleblower's testimony is the basis of a multi-year investigation

Whistleblower alleges Morocco used Pegasus spyware to target journalists

Jul 16, 2026
04:22 pm

What's the story

A former member of Morocco's domestic intelligence service has revealed that the North African state employed hacking software, including NSO Group's Pegasus spyware, to target journalists and human rights defenders. The whistleblower's testimony is the basis of a multi-year investigation by Moroccan journalist Hicham Mansouri. This has led to a joint probe involving several media organizations with technical assistance from Amnesty International's Security Lab.

Investigation findings

Whistleblower's testimony basis of investigation

The media consortium, led by Forbidden Stories and including 14 organizations such as Le Monde, Haaretz, El Confidencial, Die Zeit, and The Guardian, has uncovered evidence of Morocco's surveillance practices.

This includes leaked emails and targeting records related to Pegasus and other spyware.

Two former Moroccan intelligence agents also corroborated these facts.

The whistleblower's testimony is supported by leaked material including the Pegasus project dataset which Amnesty International's Security Lab has forensically analyzed.

Spyware introduction

NSO gave detailed demonstration of Pegasus to Moroccan intelligence

The investigation found that NSO Group representatives gave a detailed demonstration of their new technologies, including Pegasus, to senior Moroccan intelligence officers and technicians in Rabat in 2017.

The source said they instantly recognized the "revolutionary" potential of Pegasus as its remote-infection capacity meant they wouldn't have to physically access their targets' mobile phones anymore.

During this demonstration, NSO representatives infected several test phones remotely, activating cameras and accessing data/messages.

ADVERTISEMENT

Targeting strategy

Expensive spyware only for high-value targets

Before adopting Pegasus, the DGST relied on traditional human intelligence and other less sophisticated methods to target dissidents.

The whistleblower suggested that the expensive spyware was only used for high-value targets after cheaper options had been exhausted.

Evidence from the investigation shows four unique Moroccan phone numbers were chosen as Pegasus targets in September 2017, likely to test the new system in Morocco.

ADVERTISEMENT

Global impact

Targeting expanded beyond Morocco to Spain

The leaked database from a previous investigation revealed that Moroccan journalists and human rights defenders were targeted by Pegasus as early as September 2017.

The targeting soon expanded beyond Morocco, with Spanish human rights activist Aminatou Haidar's number found in the leaked database and targeted by Pegasus back in 2018.

Over 200 Spanish numbers were reportedly chosen for Pegasus targeting by the user believed to be Morocco.

Diplomatic fallout

Phones of Spanish PM, Defense Minister infected with Pegasus

In May 2022, the Spanish government revealed that Prime Minister Pedro Sanchez and Defense Minister Margarita Robles's phones were infected with Pegasus spyware in May and June 2021.

This came amid a diplomatic row between Madrid and Rabat over Spain treating the leader of the Polisario Front for COVID-19.

Other Spanish officials such as Interior Minister Fernando Grande-Marlaska and Agriculture Minister Luis Planas were also targeted.

ADVERTISEMENT