On April 22, 2018, at Dubai International Airport, UAE authorities detained Hanan Elatr, wife of Saudi journalist Jamal Khashoggi. At 10:14 local time (Dubai), an unidentified UAE official accessed her Android phone, manually navigating the Chrome browser to a Pegasus infection link. This website, configured for the UAE government's NSO Group account, initiated silent installation of surveillance software. The phone transmitted 27 status reports over 40 seconds, completing the compromise process in 72 seconds.

This incident represents a confirmed deployment of NSO Group's Pegasus spyware against a target within the immediate network of Jamal Khashoggi. Concurrently, other key associates, including Omar Abdulaziz, Khashoggi's primary collaborator on Saudi opposition projects, were also compromised by Pegasus, as documented by Citizen Lab in summer 2018. NSO Group, founded by former Unit 8200 alumni, maintains that Pegasus is sold exclusively to vetted governments for counter-terrorism and serious crime; however, extensive research indicates widespread deployment against journalists, activists, and dissidents.

Despite NSO Group CEO Shalev Hulio's public denials, and claims by company attorneys regarding technical implausibility of manual installation, forensic analysis by Bill Marczak definitively established the UAE operator's manual entry of the Pegasus URL and subsequent system reports. The broader Pegasus Project, initiated following a leak of 50,000 potential targets to Forbidden Stories and Amnesty International, confirmed widespread government misuse, implicating clients like Saudi Arabia, UAE, and Hungary in targeting over 180 journalists and several heads of state, including French President Emmanuel Macron. Such documented inconsistencies between corporate statements and forensic evidence persist.

RECOMMENDATION: The ongoing legal and regulatory actions, including WhatsApp's successful lawsuit culminating in a $168 million damages award on May 6, 2025, and NSO Group's placement on the U.S. Department of Commerce Entity List, underscore the critical need for sustained accountability within the commercial spyware industry. While these measures address specific infringements and restrict certain operations, the proliferation of similar tools by other vendors like Intellexa, Candiru, and QuaDream indicates a systemic vulnerability that requires broader international regulatory frameworks and enforcement to prevent future abuses against human rights and journalistic integrity.