Moroccan Insider Exposes Widespread Pegasus Spyware Usage

A former operative from Morocco’s Direction Générale de la Surveillance du Territoire (DGST) has provided detailed testimony confirming the state’s use of NSO Group’s Pegasus spyware to monitor journalists, activists, and foreign officials. According to evidence compiled by a 14-media consortium coordinated by Forbidden Stories, the surveillance campaign—codenamed “Morgan” in internal NSO records—began in 2017 and targeted high-profile individuals, including Spanish Prime Minister Pedro Sánchez.

The Mechanics of State-Sponsored Hacking

Pegasus, developed by Israel-based NSO Group, functions as a remote-access tool capable of turning a smartphone into a surveillance device. According to Amnesty International’s Security Lab, the software allows operators to extract emails, photographs, and text messages while remotely activating cameras and microphones. The whistleblower, using the pseudonym “Safir,” described the technology as a “monster’s weapon” reserved for high-value targets after traditional intelligence methods—such as compromising internet cafes or infecting devices at point-of-sale—proved insufficient.

Leaked records and forensic analysis suggest the program was initiated following a 2017 demonstration at a private villa in Rabat. Participants reportedly realized the software’s “revolutionary” potential, as it eliminated the need for physical access to a target’s device. Safir alleged that the expensive subscription was financed by the United Arab Emirates, characterizing the arrangement as a shared service between allied intelligence agencies.

Did you know?

Internal NSO Group documents revealed in US court filings indicate that countries using Pegasus were assigned codenames based on the first letter of their nation and a car manufacturer. Morocco was identified as “Morgan” in these presentations.

Diplomatic Repercussions in Spain and France

The use of Pegasus against Spanish cabinet members, including Prime Minister Pedro Sánchez and Defense Minister Margarita Robles, created significant friction between Madrid and Rabat. Records from the Pegasus project show that over 200 Spanish mobile numbers were selected for targeting, a move that coincided with diplomatic tensions regarding the Western Sahara conflict.

Despite these findings, judicial investigations in Spain have faced repeated setbacks. A judge shelved inquiries in January 2024, citing a lack of cooperation from Israeli authorities regarding requests to interview NSO Group’s leadership. Furthermore, internal documents suggest that the DGST targeted even the Spanish Guardia Civil officers who were collaborating with them on counter-terrorism efforts. A senior Guardia Civil official described this discovery as a “betrayal,” noting that officers had not taken standard security precautions because they viewed Morocco as an ally.

The trajectory of state-sponsored spyware suggests a shift toward more stringent international oversight. Following the 2021 decision by the Biden administration to place NSO Group on a US blacklist, the global market for such tools has faced increased regulatory pressure. Reports from Calcalist indicate that Israel’s defense ministry restricted exports of cyber-technology to several nations, including Morocco and the UAE, in late 2021.

New Pegasus Spyware revelations as French PM visits Morocco • FRANCE 24 English

Moving forward, intelligence agencies are likely to move toward more opaque, localized surveillance solutions to avoid the public exposure associated with third-party vendors like NSO. As forensic capabilities improve—led by groups like Amnesty International—the “attribution problem” in cyber-espionage is narrowing, making it increasingly difficult for states to deny the use of sophisticated digital tools against domestic and foreign critics.

Pro Tip:

For individuals concerned about device security, experts recommend using encrypted messaging services and maintaining updated operating systems. However, as demonstrated by Pegasus’s remote-infection capabilities, even high-security devices remain vulnerable to zero-click exploits.

Frequently Asked Questions

  • What is Pegasus spyware? It is a sophisticated surveillance tool created by NSO Group that allows remote, silent access to a smartphone’s data, camera, and microphone.
  • Did Morocco admit to using Pegasus? No, the Moroccan government has consistently denied using the software to target critics or foreign officials, labeling such investigations as unproven.
  • Why was the Spanish investigation closed? The Spanish judge shelved the case due to a lack of cooperation from Israeli authorities, which he described as a violation of the “principle of good faith.”
  • Is there evidence of ongoing surveillance? The Pegasus project investigation did not find evidence of Pegasus-aided surveillance by Morocco after late 2021.

Stay informed on the intersection of technology and national security. Subscribe to our newsletter for updates on global surveillance trends and digital privacy developments.

Frequently Asked Questions

Leave a Comment