UK Court Awards Damages for Saudi Pegasus Spyware Targeting as NSO Seeks Legitimacy via Pall Mall Process
A UK court ordered the Kingdom of Saudi Arabia to pay £3 million in damages to London-based Saudi dissident Ghanem Al-Masarir after finding his iPhones were infected with NSO Group’s Pegasus spyware as part of a 2018 targeting campaign attributed to a Saudi operator dubbed KINGDOM. The ruling credited expert evidence from Citizen Lab researcher Bill Marczak, and the damages award covered injury, costs, and lost earnings tied to the spyware targeting and related harms; the decision was framed by advocates as a rare avenue for accountability for victims of mercenary spyware and transnational repression.
Separately, civil society groups warned that spyware vendors linked to human rights abuses are attempting to launder their reputations by engaging with diplomatic initiatives intended to curb misuse of commercial hacking tools. The criticism followed an NSO Group “transparency report” highlighting its claimed participation in the Pall Mall Process—a French- and UK-led effort to develop governance for Commercial Cyber Intrusion Capabilities (CCICs)—even as officials said NSO was not invited and participation does not equate to human-rights compliance; critics pointed to continued allegations of Pegasus abuse, including reported targeting of journalists and civil society in countries such as Serbia.
Timeline
Feb 2, 2026
Civil society groups warn spyware vendors are laundering reputations
Civil society organizations publicly warned that spyware vendors linked to human rights abuses were trying to use diplomatic initiatives like the Pall Mall Process to rehabilitate their image without meaningful reform.
Feb 2, 2026
France and U.K. say NSO was not invited to Pall Mall Process
After NSO publicized its submission, French and U.K. officials said the company had not been invited and that submitting comments did not amount to participation, compliance, or recognition as a responsible actor.
Jan 7, 2026
NSO Group publishes transparency report citing Pall Mall submission
On January 7, 2026, NSO Group released a transparency report highlighting that it had submitted input to the Pall Mall Process, prompting criticism from civil society groups.
Jan 1, 2026
UK court orders Saudi Arabia to pay damages over Pegasus spying
In January 2026, a UK court awarded £3 million to London-based Saudi dissident Ghanem Al-Masarir after finding he had been targeted with NSO Group's Pegasus spyware and crediting expert evidence from Citizen Lab.
Feb 1, 2025
Amnesty documents Pegasus targeting of Serbian journalists
Amnesty International reported that Pegasus spyware was used to target Serbian journalists, adding to the record of abuse tied to NSO Group's technology.
Feb 1, 2024
Pall Mall Process launched to govern commercial spyware
France and the U.K. launched the Pall Mall Process in February 2024 to develop governance for Commercial Cyber Intrusion Capabilities such as spyware.
Jan 1, 2018
Citizen Lab links Saudi 'KINGDOM' operator to Pegasus targeting of dissidents
In 2018, Citizen Lab found that a Saudi Pegasus operator it called 'KINGDOM' targeted dissidents abroad, including sending Ghanem Al-Masarir malicious links that led to infection of his iPhone.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Malware
Organizations
Affected Products
Sources
Related Stories
UK High Court Awards Damages After Finding Saudi-Linked Pegasus Spyware Hacked Dissident’s iPhones
A London High Court judge awarded Saudi satirist and activist **Ghanem Al-Masarir** more than **£3 million (~$4.1M)** in damages after finding a “compelling basis” that his iPhones were hacked using **NSO Group’s Pegasus** spyware, resulting in **data exfiltration**. The court concluded the intrusion was “directed or authorised” by the **Kingdom of Saudi Arabia (KSA)** or agents acting on its behalf, rejecting Saudi Arabia’s attempt to avoid the case via **state immunity** arguments and proceeding after the kingdom stopped participating in the litigation. The ruling cited digital forensic evidence, including analysis by **Citizen Lab** researcher **Bill Marczak**, who identified **malicious text messages** consistent with Pegasus delivery and attributed the infections to the KSA. Al-Masarir alleged the spyware enabled extensive surveillance capabilities—location tracking, access to stored data, and activation of microphones/cameras—and said the targeting coincided with a 2018 physical assault in London that caused injuries and contributed to severe personal and professional harm, including ending his YouTube activity criticizing the Saudi government.
1 months ago
Permanent Injunction Against NSO Group Targeting WhatsApp Users with Pegasus Spyware
A U.S. federal judge has issued a permanent injunction prohibiting the NSO Group, an Israeli spyware company, from targeting or infecting WhatsApp users with its Pegasus spyware. The ruling, delivered by Judge Phyllis J. Hamilton of the Northern District of California, stems from a lawsuit filed by Meta, WhatsApp's parent company, in 2019 after NSO was discovered attempting to compromise approximately 1,400 WhatsApp users, including attorneys, journalists, human rights activists, political dissidents, diplomats, and senior government officials. NSO's campaign involved creating fake WhatsApp accounts and targeting Meta's infrastructure to deploy Pegasus, a sophisticated zero-click spyware tool known for exploiting vulnerabilities in widely used software. The court found that NSO's actions caused direct business harm to Meta by undermining the privacy and security assurances that WhatsApp offers its users, particularly its end-to-end encryption based on the Signal Protocol. Judge Hamilton emphasized that unauthorized access to users' personal information constitutes more than reputational damage; it directly interferes with the core service Meta provides. In addition to the injunction, the court ordered NSO to delete any data obtained from targeting WhatsApp users. The judge also reduced the punitive damages awarded to Meta from $167 million to $4 million, citing legal precedents regarding the proportionality of damages to the conduct in question. While NSO argued that the injunction could force it out of business, the company stated that the ruling does not apply to its customers, who may continue using its technology, though legal experts and advocates for spyware victims dispute this interpretation. The decision is seen as a significant precedent for technology companies seeking to protect their platforms from commercial spyware and unlawful surveillance. Will Cathcart, head of WhatsApp, celebrated the ruling as a victory for user privacy and a warning to those who attempt to circumvent encryption protections. The case highlights the ongoing legal and ethical challenges posed by commercial spyware vendors and the importance of judicial intervention in safeguarding digital privacy. The ruling is the culmination of six years of litigation and is expected to influence future cases involving unlawful electronic surveillance. NSO Group, recently acquired by a consortium led by Hollywood producer Robert Simonds, is reviewing the decision but welcomed the reduction in damages. Privacy advocates have praised the court's recognition of the irreparable harm caused by circumventing end-to-end encryption and the broader implications for protecting civil society from targeted surveillance.
1 months ago
US Court Injunction Against NSO Group for WhatsApp Spyware Exploit
A U.S. federal judge has issued a permanent injunction against the Israeli spyware vendor NSO Group, prohibiting the company from using its technology to hack WhatsApp, one of the world's most widely used encrypted messaging applications. The court found that NSO Group had illegally reverse-engineered WhatsApp using a zero-day exploit, which resulted in the compromise of approximately 1,400 user devices. This exploit allowed unauthorized access to personal information, undermining the security and privacy of WhatsApp users globally. The case was brought before the U.S. District Court for the Northern District of California, where Judge Phyllis Hamilton presided over the proceedings. A California jury previously determined that NSO Group's actions constituted a breach, and initially awarded $167 million in punitive damages to Meta, WhatsApp's parent company. NSO Group appealed the ruling, arguing that the damages were excessive and that the injunction would effectively shut down its operations. In her final order, Judge Hamilton reduced the damages to $4 million but maintained the permanent injunction, emphasizing the broader harm caused by unauthorized access to encrypted personal information. The court's decision also requires NSO Group to destroy any code used in the WhatsApp hack, further limiting the company's ability to conduct similar operations in the future. Meta representatives welcomed the verdict, describing it as a significant advancement for user privacy and security. The ruling highlighted NSO Group's alleged role in enabling governments to target dissidents, political opponents, and journalists through its spyware. The case underscores the legal and ethical challenges posed by commercial spyware vendors and their impact on global digital privacy. The court's findings reinforce the importance of robust encryption and the need for legal protections against unauthorized surveillance. The decision sets a precedent for holding spyware vendors accountable for facilitating unauthorized access to secure communications platforms. The outcome of this litigation may influence future regulatory and legal actions against similar companies. The case also demonstrates the willingness of U.S. courts to intervene in matters involving foreign technology firms and the protection of user data. The permanent injunction serves as a warning to other entities considering the development or deployment of similar surveillance tools. The legal battle between Meta and NSO Group has drawn international attention to the risks associated with commercial spyware and the necessity of safeguarding encrypted communications.
1 months ago