Surveillance and digital rights

Commercial spyware: documented cases worldwide

Forensically or judicially documented cases of commercial spyware —NSO Group's Pegasus, Intellexa's Predator, Paragon's Graphite, Candiru— used against journalists, activists, opponents and public figures worldwide. The tracker only gathers cases with technical verification (device analysis by Citizen Lab, Amnesty International or equivalent organisations) or judicial verification, not mere suspicions. Each record documents the tool, the vendor, the number of confirmed victims, the affected sector and the confidence level with which it is attributed to an operator. The focus is on the verifiable trace: a country's absence from the map does not mean the absence of surveillance, but the absence of public investigation.

Snapshot · May 21, 2026: 22 documented cases

22 verified commercial-spyware cases across 12 countries on four continents, with their tool, victims and attribution level.

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Cases by country

Distribution of forensically or judicially documented cases by country. Mexico concentrates most of the region's confirmed cases.

Cases by spyware tool

Which spyware tools appear in the documented cases. NSO Group's Pegasus clearly dominates.

Cases by vendor

The companies that develop and sell the spyware behind each case.

Confidence in operator attribution

With what degree of certainty each case is attributed to a specific operator. Spying attribution is rarely conclusive.

Documented cases by year

Temporal evolution of the verified cases, from Panama's 2012 purchase to the most recent.

Global incidence map

Choropleth by number of forensically or judicially documented cases. Countries with no verifiable public cases remain in the base colour — the absence of events does not equal the absence of surveillance.

Natural Earth 50m · Diálogo Ciudadano

Reading the data

Twenty-two verified commercial-spyware cases in twelve countries on four continents share a pattern: the software is almost always Israeli —NSO Group's Pegasus dominates— and the victims are journalists, activists and opponents. From the hacking of a Polish senator mid-campaign to Khashoggi's circle before his murder, the trace is global.

Celinda S. Tórrez · Correspondent — Colombia · Bogotá
May 25, 2026 · 7 min read

Surveillance with commercial software leaves, unlike almost any other abuse of power, a technical trace. An infected phone retains marks that labs like the University of Toronto's Citizen Lab, or Amnesty International's Security Lab, can analyse and peer-review. This tracker gathers only cases with that kind of verification, forensic or judicial, not mere suspicions: twenty-two documented cases in twelve countries on four continents, from Mexico to Thailand, from Poland to the United Arab Emirates.

The pattern that emerges is of an almost monotonous uniformity. The software is, overwhelmingly, Israeli: NSO Group's Pegasus appears in the vast majority of cases, occasionally complemented by Candiru, the Intellexa consortium's Predator and Paragon's Graphite. And the victims are almost always the same categories: journalists, activists, lawyers, political opponents and human rights defenders. The tool is sold to pursue 'terrorism and serious crime'; the infected phones belong, again and again, to those who inconvenience power.

NSO Group's Pegasus is present in fourteen of the sixteen cases. Mexico concentrates six; Spain, four. But the novelty of this update lies at the extremes: Panama, which bought the system as early as 2012 —one of the world's first state uses—, and the Dominican Republic, where a journalist's phone was infected three times.

Panama: the purchase the courts documented

The Panamanian case is singular because it does not rest on a forensic analysis of a phone, but on something even more solid: a court file. Ricardo Martinelli's government acquired Pegasus in 2012, for around eight million dollars, and operated it from the Oceanía building through the National Security Council to surveil at least 150 people between 2012 and 2014. All of it was documented in the 'wiretapping' trial, where prosecutors detailed the negotiation with NSO —installation and training included. It makes Panama one of the world's first states to use Pegasus, years before the global scandal erupted in 2021.

That precedent matters because it illuminates the rest of the tracker. Most cases are known from the victim's side (a phone a lab analyses after an Apple alert), but it is rarely proven who bought and operated the software. Panama is the exception that shows the full chain: a state, a contract, a building, a target list. And yet the former president was acquitted in 2019 in one of the proceedings, a reminder of how hard it is to translate technical evidence into judicial consequence.

Who pulls the trigger

Attribution is the weak point of almost the entire tracker, which is why one of the charts measures precisely the level of confidence with which each case is linked to an operator. The technical trace proves a phone was infected; it rarely proves, on its own, who ordered the infection. NSO insists it only sells to states, which narrows the circle of suspects, but governments tend to deny being clients —as El Salvador did despite the surveillance of 22 El Faro staff, or as happens with the current control of the Pegasus bought in Colombia, whose whereabouts remain unclear.

Spain illustrates the other side: there, the spying cut in two directions. On one hand, the so-called 'CatalanGate' documented by Citizen Lab, with dozens of Catalan pro-independence figures surveilled; on the other, the phones of the prime minister and several ministers themselves, infected in what the government called an 'external and illicit' attack. That both the watched and the watchers end up on the same victim list says a great deal about how unchecked this market is.

A trace that respects no borders

If the first version of this tracker focused on Ibero-America, its expansion to the rest of the world confirms the phenomenon knows no geography. In Poland, opposition senator Krzysztof Brejza was infected 33 times during the 2019 campaign, and a Senate commission later concluded those elections were unfair: spyware used not in an autocracy, but inside the European Union. In Thailand, the GeckoSpy operation infected at least 30 pro-democracy activists. In the United Arab Emirates, activist Ahmed Mansoor was one of the world's first documented targets, in 2016.

The darkest case is Saudi Arabia's: Citizen Lab found Pegasus in journalist Jamal Khashoggi's circle —on the phone of his confidant Omar Abdulaziz and, later, on his wife's— in the months before his murder in the Saudi consulate in Istanbul. It is the starkest proof that mercenary surveillance is not an abstract privacy matter: it can be the prelude to violence. And the confirmation of infections of exiled Russians and Belarusians inside the EU shows that not even refuge in a democracy protects from these tools' reach.

Methodology note

Only cases with forensic verification (technical analysis of devices by Citizen Lab, Amnesty International's Security Lab or equivalent organisations) or judicial verification (public files and trials) are recorded. A country's absence from the map does not mean the absence of surveillance: it means that, as of this version, there is no verifiable public investigation. Operator attributions are recorded with their confidence level and, when a government denies being a client, it is noted. The outlet does not assert who ordered each infection beyond what the verifiable source maintains.

The charts above —country, tool, vendor, attribution confidence and annual trend— and the regional incidence map are computed from each case's attributes. Main sources: Citizen Lab, Amnesty International, Access Now, Forbidden Stories and each country's press.

Documented events (22)

July 18, 2022 TH confirmed

Thailand · At least 30 pro-democracy activists infected with Pegasus (GeckoSpy operation)

Citizen Lab forensically confirmed that at least 30 activists, pro-democracy protesters and people calling for reforms to the Thai monarchy were infected with Pegasus between October 2020 and November 2021, in an operation dubbed GeckoSpy. Many victims had been prosecuted under the country's strict lèse-majesté laws. Citizen Lab could not definitively attribute the operation to the Thai government, though NSO says it only sells to states.

January 13, 2022 SV confirmed

Project Torogoz: Pegasus against El Faro and Salvadoran press (35 confirmed victims)

Citizen Lab and Access Now confirmed 35 cases of journalists and civil society members whose phones were infected with Pegasus between July 2020 and November 2021. Targets included journalists from El Faro (22 members), GatoEncerrado, La Prensa Gráfica, Revista Digital Disruptiva, Diario El Mundo, El Diario de Hoy, and two independent journalists. Civil society organisations affected: Fundación DTJ, Cristosal, and another NGO. The hacking occurred while these outlets reported on the government's MS-13 pact and the Bukele administration. Amnesty International's Security Lab independently confirmed the findings.

January 13, 2022 SV confirmed

El Salvador · 22 El Faro staff surveilled; the editor infected 42 times with Pegasus

Citizen Lab documented that the phones of 22 reporters, editors and staff of El Faro —more than two-thirds of the newsroom— were infected with Pegasus, with data extracted from several devices. The outlet was under constant surveillance for at least 17 months, between June 2020 and November 2021; the editor-in-chief, Óscar Martínez, had his phone infiltrated at least 42 times. The surveillance coincided with El Faro's coverage of the Bukele government's negotiations with gangs. The government denied being an NSO client.

October 1, 2018 SA confirmed

Saudi Arabia · Pegasus in Jamal Khashoggi's circle before his murder

Citizen Lab revealed in October 2018, with high confidence, that Pegasus had infected the iPhone of Saudi dissident Omar Abdulaziz, a confidant of journalist Jamal Khashoggi, months before Khashoggi's murder in the Saudi consulate in Istanbul. A later forensic analysis also found Pegasus traces on the phone of Khashoggi's wife, Hanan Elatr, manually installed while she was detained by UAE authorities. It is the case that most linked the spyware to lethal consequences.

January 1, 2019 PL confirmed

Poland · Opposition senator Krzysztof Brejza hacked 33 times during the 2019 election campaign

Citizen Lab determined, and Amnesty International independently confirmed, that the phone of Polish opposition senator Krzysztof Brejza was infected with Pegasus 33 times in 2019, while he ran the opposition's election campaign. Messages stolen from his phone were doctored and aired by state TV. A Senate commission later concluded the 2019 elections were unfair due to the software's use, in one of the gravest cases for occurring within the EU.

January 1, 2012 PA confirmed

Panama · Martinelli's government bought Pegasus in 2012 and spied on around 150 people

Ricardo Martinelli's government (2009-2014) acquired NSO Group's Pegasus in 2012 for around 8 million dollars, operating it from the Oceanía building through the National Security Council to surveil at least 150 people —opponents, journalists and public figures— between 2012 and 2014. The purchase and use were documented in the criminal 'wiretapping' trial, in which prosecutors presented the negotiation with NSO (installation and training included); Panama also acquired a system from the Israeli firm MLM Protection. Martinelli was acquitted in 2019 in one of the proceedings. It is one of the world's earliest documented state uses of Pegasus.

July 9, 2025 MX reported

Mexico investigation: Attorney General opens case on USD 25M bribery in Peña Nieto's Pegasus purchase

Mexican Attorney General Alejandro Gertz Manero announced in July 2025 an investigation into an alleged USD 25 million bribe paid to Enrique Peña Nieto by businessmen Avishai Neriah and Uri Emmanuel Ansbacher to facilitate the Mexican government's Pegasus purchase. The investigation stems from a report by Israeli outlet The Marker (5 July 2025) based on confidential arbitration between Neriah and Ansbacher finalized in late 2024 in a Jerusalem court. Neriah was Mexico's honorary consul in Haifa since 2014. Ansbacher is a close associate of NSO founder Shalev Hulio.

June 1, 2022 MX confirmed

Pegasus against Alejandro Encinas, AMLO's human rights deputy minister

Alejandro Encinas, Mexico's under-secretary for human rights and a close ally of President López Obrador, was targeted with Pegasus while investigating Army abuses, including the case of the 43 disappeared Ayotzinapa students. The New York Times reported the case in May 2023. It is the first confirmed case of such a senior administration member being targeted with Pegasus in Mexico in over a decade of the tool's use.

October 2, 2022 MX confirmed

Pegasus against journalist Ricardo Raphael (Mexico)

Journalist and political analyst Ricardo Raphael was targeted at least three times with Pegasus in October-November 2019 and again in December 2020. Forensic analysis also revealed a 2016 infection via the HOMAGE exploit. He was targeted while on a media tour promoting his book on the military origins of the Los Zetas cartel. The investigation was carried out by R3D with Citizen Lab's technical support.

June 19, 2017 MX confirmed

Pegasus against journalists, lawyers and activists in Mexico — first wave of revelations

Citizen Lab, ARTICLE 19, R3D and SocialTIC published a series of eight reports in 2017 documenting mass surveillance with Pegasus against investigative journalists, lawyers for cartel victims' families, anti-corruption groups, prominent legislators, international Ayotzinapa case investigators, and family members of murdered journalists. The Guardian later described Mexico as a Pegasus 'laboratory'.

March 5, 2024 ES confirmed

US sanctions Intellexa consortium (Predator) — regional impact

The US Department of the Treasury sanctioned in March 2024 Tal Dilian (Intellexa founder, former Israeli military intelligence officer) and commercial entities of the Intellexa consortium for Predator proliferation. While the sanction is US-based, it affects a consortium with documented commercial presence in Europe and operations identified by Insikt Group in over a dozen countries. Ibero-America does not appear in the public list of active Predator operators as of May 2026.

July 18, 2021 HU confirmed

Hungary · Journalists and opposition figures infected with Pegasus, confirmed by the Pegasus Project

The Pegasus Project, the 17-outlet consortium coordinated by Forbidden Stories and Amnesty International, revealed in 2021 that Hungary —an EU member state— was among NSO's confirmed clients. Forensic analysis confirmed infections on the phones of investigative journalists and figures critical of Viktor Orbán's government, sparking mass protests. Hungary was one of the first EU governments flagged for abusive Pegasus use.

July 10, 2024 LT confirmed

EU (Lithuania) · Exiled Russian and Belarusian journalists and activists infected with Pegasus inside the EU

Access Now and Citizen Lab confirmed in 2024 that at least seven exiled Russian, Belarusian, Latvian and Israeli journalists and activists were infected with Pegasus inside the EU, expanding the previous year's case of Galina Timchenko (Meduza). Victims include Belarusian opposition figure Andrei Sannikov, infected in 2021, and editor Natallia Radzina. The cases show that exile in the EU does not protect from mercenary surveillance.

January 31, 2025 ES alleged

WhatsApp notifies possible Spanish victims of Paragon Graphite (2025)

WhatsApp notified approximately 90 users worldwide in January 2025 of being targeted by Graphite, Paragon Solutions' spyware. Targets include journalists and civil society members across two dozen countries. Citizen Lab forensically confirmed at least three European cases (two Italian Fanpage.it journalists and a third anonymous journalist). The exact number affected in Spain has not been published, but according to subsequent reports Spain appears among the countries with notifications.

May 2, 2022 ES confirmed

Pegasus against PM Pedro Sánchez and ministers (Spain)

The Spanish government confirmed in May 2022 that the phones of PM Pedro Sánchez, Defense Minister Margarita Robles, and Interior Minister Fernando Grande-Marlaska were targeted with Pegasus. Sánchez was the first head of government confirmed worldwide as a Pegasus target. CNI Director Paz Esteban was dismissed amid the scandal. Attribution for the attack against Sánchez was not made public but excludes the Spanish government itself as operator.

April 18, 2022 ES confirmed

CatalanGate: Pegasus and Candiru against 65 Catalans (Spain)

Citizen Lab identified at least 65 individuals linked to the Catalan independence movement targeted or infected with spyware: 63 with Pegasus, 4 with Candiru, 2 with both. Victims include MEPs, all four Catalan presidents since 2010 (Mas, Puigdemont, Torra, Aragonès), two Parliament presidents, legislators, jurists, and civil society organization members. Most incidents occurred between 2017 (independence referendum) and 2020. Amnesty International's Security Lab validated the forensic methodology. The Spanish government confirmed the CNI had prior judicial approval to use spyware against Catalan separatists.

May 2, 2023 DO confirmed

Dominican Republic · Journalist Nuria Piera infected with Pegasus three times

Amnesty International's Security Lab confirmed that the phone of Dominican investigative journalist Nuria Piera was infected with Pegasus at least three times between July 2020 and October 2021. Citizen Lab peer-reviewed and ratified the findings with its independent methodology. Piera was investigating corruption cases involving senior officials and relatives of a former president. It was the first forensically confirmed case in the country and the third in the Americas, after Mexico and El Salvador.

September 4, 2024 CO reported

Colombia: President Petro denounces Pegasus purchase by Duque government (USD 11M, 2021)

Colombian President Gustavo Petro called in September 2024 for an investigation into alleged Pegasus use by the previous government of Iván Duque. According to information shared by the Financial Information and Analysis Unit (UIAF), between July and August 2021 an Israeli bank reported unusual activity after receiving a cash deposit of USD 5.5 million directed to NSO Group Technologies Limited. The payment related to a USD 11 million agreement between NSO Group and the Police Intelligence Directorate (DIPOL). Petro alleged the spyware was brought to spy on youth movements and opposition communications for six months. The accusation is pending judicial investigation; there is no public forensic confirmation of individual victims in Colombia as of May 2026.

January 1, 2021 CO confirmed

Colombia · 11-million-dollar Pegasus purchase under Duque's government, under investigation

President Gustavo Petro revealed in 2024 that during Iván Duque's government around 11 million dollars in cash was flown out of the country, on one or two planes, to buy Pegasus from NSO in Israel, and asked the Attorney General's Office to investigate. According to Petro, the software was allegedly used to spy on the opposition, journalists and human rights defenders during the 2021 National Strike. Later investigations linked Colombian operators to the Pegasus structure in Panama. The software's whereabouts and current control remain unclear.

August 1, 2016 AE confirmed

United Arab Emirates · Activist Ahmed Mansoor targeted by Pegasus in one of the first documented cases

In August 2016, Citizen Lab and Lookout documented that the iPhone of Emirati human rights activist Ahmed Mansoor was attacked with Pegasus via a message asking him to click a link about prisoners tortured in the UAE. It was one of the world's first publicly documented Pegasus cases and revealed NSO's 'zero-click' exploits. Mansoor was later sentenced to 10 years in prison for his social media posts.

Methodology

Type: event-log
Construction: Multi-source verified
Cadence: monthly

Sources consulted

  1. Citizen Lab · Munk School · University of Toronto (academic)

    World-leading forensic research center on commercial spyware. Its reports are the primary source for most documented cases. Technical methodology with open publication, regular peer review by Amnesty Tech Lab.

  2. Amnesty International · Security Lab (civil-society)

    Amnesty's technical lab. Independently confirms Citizen Lab forensic investigations. Develops and maintains the Mobile Verification Toolkit (MVT) used for device self-scans.

  3. Access Now · Digital Security Helpline (civil-society)

    Helpline and technical triage for threatened activists and journalists. Collaborates with Citizen Lab on investigations of cases identified via its helpline.

  4. R3D — Red en Defensa de los Derechos Digitales · Mexico (civil-society)

    Mexican digital-rights organization. Forensic investigation in collaboration with Citizen Lab for the Mexican cases. Covers Pegasus, Predator and Paragon in LATAM.

  5. ARTICLE 19 · Mexico and Central America (civil-society)

    Co-author of investigations on Pegasus in Mexico alongside R3D, SocialTIC and Citizen Lab.

  6. SocialTIC · Mexico (civil-society)

    Mexican social-technology organization. Co-author of investigations on Pegasus in Mexico.

  7. Apple · state-sponsored attack notifications (official)

    Apple has notified users targeted by state-sponsored attacks since November 2021. These notifications have been the entry point for subsequent forensic investigation of many cases.

  8. WhatsApp · attack notifications (Meta) (official)

    WhatsApp notifies users targeted by spyware attacks. In January 2025 it notified roughly 90 users worldwide attacked with Paragon's Graphite.

  9. U.S. Department of the Treasury · sanctions on the Intellexa Consortium (official)

    The US Treasury sanctioned Tal Dilian (founder of Intellexa) and associated entities of the Intellexa consortium in March 2024 for the proliferation of Predator. Formal sanction with official publication.

  10. Carnegie Endowment for International Peace · Global Inventory of Commercial Spyware (academic)

    Global academic inventory of commercial spyware. Documents that between 2011 and 2023 at least 74 governments signed contracts with commercial spyware or digital-forensics firms.
