Logo
For You News Moroccan Marrakech Agadir Casablanca
Logo
News

New Evidence Links Morocco to Pegasus Spyware Usage, Claims Investigation

PUBLISHED July 17, 2026
New Evidence Links Morocco to Pegasus Spyware Usage, Claims Investigation

A recent investigation published by the French newspaper **Le Monde**, in collaboration with several international media organizations as part of the "Pegasus Project," has unveiled what it describes as "new evidence" indicating Morocco's use of the Israeli spyware program "Pegasus," developed by the NSO Group. This revelation comes despite Morocco's persistent denials of such allegations since they first emerged in 2021.

According to the investigation, the newly surfaced documents include internal papers from the NSO Group disclosed during a lawsuit in the United States, which reference a client code-named "Morgan." The investigation further elaborates that the NSO Group assigned car brand names as code names for its clients, with the first letter corresponding to the respective country, identifying "Morgan" as the code name for Morocco.

The investigation also cites a memo from the French Directorate General for External Security, previously revealed by the Mediapart platform, which states that French intelligence concluded that Morocco and the United Arab Emirates had been using products from the NSO Group at least since 2017.

Furthermore, the inquiry relies on the testimony of an individual using the alias "Safir," identified as a former officer in Morocco's General Directorate for Territorial Surveillance (DGST). The individual stated that the Moroccan internal intelligence agency began employing the Pegasus program in 2017, allowing analysts to access the contents of targeted phones, including messages, calls, and images, through a structured interface.

According to the testimony, the DGST was the primary user of the program, particularly through its Internet Management and Exploitation Division. Based on the alliance's collected information, representatives from the NSO Group presented a detailed and extensive demonstration of new techniques—including Pegasus—to prominent Moroccan intelligence officers and technical experts at an upscale villa in Rabat in 2017.

The villa, known as "Villa Fasis" after the Fasis Morocco branch of the Falcon company, a surveillance intermediary based in the UAE, was reportedly used continuously for such presentations. Attendees recognized immediately the "revolutionary" capabilities of Pegasus, as its ability to remotely infiltrate phones meant they would no longer need physical access to their targets' devices. During the demonstration, NSO representatives allegedly hacked into several test phones, activating cameras, turning on microphones, and accessing data and messages remotely.

The whistleblower highlighted that this expensive spyware was a gift from the UAE, stating, "Millions of Emirati dollars are not a big deal... the UAE purchased the program and redistributed it to friendly entities, similar to a Netflix service: one friend pays for the subscription, and others use their account." The investigation also uncovered additional internal documents from the NSO Group indicating that the company regularly conducted tests on its clients' user phones when introducing new features to the program. The whistleblower asserted that they provided journalists with a list of participants in those tests and their phone numbers, confirming that these numbers appeared in the targeting data referenced in the Pegasus Project investigation in 2021.

Moreover, the investigation revealed that some of these numbers belonged to senior officials within the Moroccan intelligence apparatus, including Abdel Jalil Taki, presented as head of the Internet Management and Exploitation Division. According to the same documents, February 2019 witnessed the launch of a new phone infiltration method via Pegasus, coinciding with a widespread targeting campaign that included the phones of French President Emmanuel Macron and several members of the French government.

The investigation further confirmed that U.S. court documents related to the lawsuit filed by WhatsApp against the NSO Group indicate that the technical infrastructure used in hacking operations is tailored for each client, allowing the tracking of attack sources through the digital footprints left by the program.

The French National Cybersecurity Agency (ANSSI), which examined the phones of several French officials after the 2021 investigations, reportedly detected technical indicators, including email addresses linked to the Pegasus program, which matched indicators previously found on the phones of Moroccan journalists, opposition figures, and human rights defenders, strengthening the hypothesis of a connection between these operations and the same client.

In conclusion, **Le Monde** noted that it reached out to Moroccan authorities and the NSO Group for comments, but neither provided a response by the time of the report's publication.

As reported by al24news.dz.

Lemaroc360 - Morocco News

© 2026 All rights reserved. Published with custom editorial theme.