Moroccan Intelligence Insider Blows Whistle on Years of Pegasus Spyware Targeting

A former spy describes how Morocco reportedly used phone-hacking software since 2017 to surveil journalists, human rights workers, and foreign politicians, including cabinet ministers in Spain and officials in France.

ThreatVectr Newsdesk· 3 min read
Aerial view, 16:9 framing, photoreal editorial style, a dense suburban neighbourhood at dusk with hundreds of softly glowing house windows, each window subtly e
Share

Key points

  • A former member of Morocco's domestic intelligence service has spoken out about the country's alleged use of Pegasus spyware dating back to at least 2017.
  • Pegasus, built by the Israel-based NSO Group, can silently read every message, email, and photo on a target's phone and secretly activate its microphone and camera.
  • Reported targets include journalists, human rights defenders, French politicians, and Spanish cabinet ministers and police officers.
  • The account, first reported by The Guardian, offers rare insider detail on how a government customer of NSO Group allegedly ran these operations.

A former Moroccan intelligence officer has given what researchers are calling an unusually detailed account of how his country's domestic spy agency allegedly used Pegasus spyware, software that turns a smartphone into a remote listening device, to monitor enemies at home and allies abroad.

Pegasus is made by the NSO Group, an Israeli company that sells the tool exclusively to government clients. Once it gets onto a phone, with no click or action required from the target, the operator can read emails, see photos, listen to calls, and activate the microphone and camera in real time. Think of it as handing a stranger a skeleton key to everything on your phone.

According to the whistleblower, Morocco began deploying the software around 2017. Targets reportedly spanned several categories: local journalists and human rights defenders inside Morocco, French politicians, and Spanish government ministers as well as Spanish police officers. Spying on the security forces of a neighbouring country sits in a different category of seriousness from domestic surveillance alone.

Why should ordinary people care about this?

Most of us are not targets of nation-state spyware. But this case matters for a simple reason: it confirms that advanced phone-hacking tools, once thought to be aimed only at terrorists and serious criminals, were turned on politicians, lawyers, journalists, and activists. That widens the circle of who should think about their own digital security.

If you communicate with anyone in a sensitive profession, a lawyer, a refugee advocate, a politician's staffer, there is a small but real chance that your messages could sit on a phone that is itself a target.

The operation described by the whistleblower fits a pattern that threat-intelligence vendors track closely. NSO Group's customer base and targeting behaviour have been documented in research by Citizen Lab and Amnesty International's Security Lab, two groups that study commercial spyware by examining infected devices. Attribution here sits at high confidence based on multiple independent technical investigations, not just this single insider account.

Morocco has previously denied using Pegasus against the targets named in those earlier reports.

For anyone who believes they might be a person of interest to a government, the practical steps are limited but worth knowing. Keep your phone's operating system updated: spyware like Pegasus often exploits software flaws that updates later fix. On iPhone, Apple's Lockdown Mode, a setting that blocks many advanced attack routes, exists precisely for high-risk individuals. On Android, regular restarts can sometimes interrupt certain implants.

For everyone else, the takeaway is simpler: this story shows that surveillance tools marketed as targeted are used far more broadly than advertised.

© 2026 Threat Vectr