How Is Morocco Using Pegasus Spyware to Target Dissent?

How Is Morocco Using Pegasus Spyware to Target Dissent?

The silent infiltration of high-security handheld devices by military-grade surveillance tools has fundamentally altered the paradigm of national security and individual privacy in the modern era. The emergence of Pegasus spyware, a sophisticated creation of the Israeli firm NSO Group, represents a definitive turning point where digital espionage no longer requires the active cooperation or negligence of the target. Unlike the phishing campaigns of previous decades that necessitated clicking a malicious link or downloading a suspicious file, this “zero-click” technology exploits hidden vulnerabilities in mobile operating systems to gain entry without a trace. This capability allows state actors to bypass the most advanced encryption and security patches, effectively turning a target’s most intimate device into a relentless surveillance tool that operates entirely in the shadows. The Moroccan government has been at the forefront of this digital arms race, integrating these invisible intrusions into a broader strategy of political control that prioritizes the monitoring of journalists, activists, and perceived internal threats over traditional security goals.

Once a smartphone is successfully compromised by Pegasus, the level of access granted to the operator is virtually absolute, leaving no corner of the user’s digital life untouched. The software essentially seizes the device’s kernel, allowing the remote operator to extract encrypted messages from platforms like WhatsApp and Signal, monitor live phone calls, and download entire photo galleries and contact lists. Perhaps most alarmingly, the spyware allows for the clandestine activation of the phone’s microphone and camera, enabling state agents to record private meetings and ambient sounds in real time without any indicator appearing on the screen. By providing a continuous stream of real-time location data and personal communication, the system allows for a degree of micromanagement over the lives of citizens that was previously the stuff of science fiction. While the developers claim these tools are strictly for the prevention of terrorism, the systematic deployment against civil society in Morocco suggests a much more targeted and repressive objective.

Exposing the Moroccan Surveillance Apparatus

The Whistleblower’s Revelation: Unmasking Internal Operations

The curtain of state-mandated secrecy surrounding Morocco’s extensive use of the Pegasus spyware suite began to unravel following significant international investigations that identified the kingdom as one of the most prolific clients of the NSO Group. In the face of mounting technical evidence, the Moroccan government did not merely issue denials; it engaged in an aggressive campaign of “lawfare,” launching multiple defamation lawsuits in European courts to intimidate journalists and researchers who exposed their activities. These legal maneuvers were carefully calibrated to shift the narrative from state surveillance to professional victimhood, attempting to discredit the forensic findings that linked the state’s intelligence agencies to thousands of targeted phone numbers. However, the sheer volume of corroborating data from various international human rights organizations made these institutional denials increasingly difficult to maintain on the global stage.

A decisive break in the case occurred when a former officer within Morocco’s internal intelligence agency, the DGST, came forward under the pseudonym “Safir” to provide a firsthand account of the kingdom’s hacking units. His testimony detailed a decade-long trajectory of surveillance expansion, illustrating how the Moroccan state moved from rudimentary monitoring to the adoption of the world’s most advanced digital weapons. Safir’s disclosures were far from unsubstantiated claims; they were rigorously verified by independent forensic analysts who cross-referenced his internal knowledge with leaked databases of targeted individuals. According to his testimony, the Moroccan government perceived Pegasus as a vital asset for neutralizing what it termed domestic “enemies,” which included anyone from independent investigative reporters to advocates for regional autonomy. This internal perspective confirmed that the primary target was not organized crime, but the very people calling for transparency and reform within the Moroccan state.

The Mask of Private Intermediaries: Corporate Shielding Tactics

To navigate the complexities of international trade and maintain a thin veneer of plausible deniability, the Moroccan state avoided direct transactions with the NSO Group through its official defense or interior ministries. Instead, the administration funneled its surveillance budget through a private intermediary firm known as FSSYS Maroc, based in the administrative heart of Rabat. This corporate buffer served as the primary interlocutor for technical support and financial payments, effectively sanitizing the paper trail that would otherwise link the Moroccan intelligence services to the Israeli software developer. By utilizing a private entity as a front for state operations, the government was able to bypass domestic oversight and international scrutiny, presenting the acquisition of spyware as a commercial enterprise rather than a military or intelligence expansion. This strategic use of corporate shells highlights the growing trend of states outsourcing their most controversial activities to the private sector to avoid direct accountability.

The operational landscape was further complicated by deep-seated regional alliances, particularly involving interests from the United Arab Emirates that held significant stakes in the intermediary companies managing the spyware. Public records and investigative reports indicate that these Emirati entities, which maintain close ties to their own national security apparatus, facilitated the transfer of technology and operational knowledge to their Moroccan counterparts. This cross-border collaboration suggests the existence of a localized intelligence-sharing nexus where authoritarian regimes pool resources to refine their methods of digital repression. By leveraging the private market for spyware, these nations can form clandestine security pacts that are shielded from the eyes of their own citizens and the international community. The partnership between FSSYS Maroc and regional actors demonstrates that the trade in Pegasus is not just a commercial transaction but a foundational element of a new, interconnected infrastructure for state surveillance across North Africa and the Middle East.

The Mechanics of Digital Infiltration

Tactical Workflow: The Mechanics of Network Hijacking

The technical execution of a Pegasus attack within the Moroccan context followed a highly structured workflow that integrated traditional intelligence gathering with cutting-edge cyber exploits. The process typically began with the DGST obtaining the International Mobile Equipment Identity (IMEI) number of a specific target, which served as a digital fingerprint for the intended device. This identifier was then fed into a specialized unit within the intelligence agency, which managed the infection phase through a custom-built dashboard provided by the NSO Group. While Moroccan agents were responsible for identifying the targets and analyzing the stolen data, the underlying technical infrastructure and the servers required to maintain the infection were often managed or supported by the developers themselves. This division of labor allowed the state to focus on the political objectives of the surveillance while relying on external experts to maintain the stability and invisibility of the hacking tool.

One of the most devastatingly effective methods employed by the Moroccan state was the “network injection” attack, which operates at the national infrastructure level rather than the individual device level. By installing specialized “man-in-the-middle” hardware at major telecommunications hubs, the state could intercept the web traffic of any user connected to the domestic mobile network. When a target attempted to browse a legitimate website, the system would automatically and invisibly redirect their connection to a Pegasus infection server for a fraction of a second. This method is considered the gold standard of espionage because the target is never prompted to take any action, and there are no suspicious messages or emails to alert them to the breach. The ability to co-opt national telecommunications providers for the purpose of infection signifies a totalizing power, where the very tools citizens use to connect to the world are weaponized against them by their own government, rendering traditional digital hygiene and security measures largely ineffective.

Corporate Culpability: Partnerships in Digital Surveillance

The NSO Group has long maintained a public stance of neutrality, claiming that it merely sells a product and has no visibility into how its sovereign clients utilize the software after the point of sale. However, technical analysis by independent security researchers suggests that this claim is a functional impossibility given the complexity of the Pegasus architecture. The firm is responsible for managing the public-facing server infrastructure, providing continuous technical support, and issuing frequent software updates to ensure the spyware remains compatible with the latest mobile operating system patches. This ongoing technical relationship indicates that the NSO Group is not a passive vendor but an active participant in the lifecycle of every surveillance operation conducted by its clients. If a client like Morocco targets a journalist, the developer provides the necessary technical updates and server stability to ensure that the targeting remains successful, making them a silent partner in the resulting human rights violations.

The depth of this corporate involvement is further evidenced by reports of NSO executives traveling on diplomatic passports to facilitate high-level sales and provide on-site training to intelligence units. This blurring of the lines between private technology firms and state-sponsored diplomacy suggests that the trade in spyware has become an instrument of foreign policy as much as a business venture. When a private corporation provides the tools for systematic repression while operating under the protection and encouragement of its own home state, the existing frameworks for international law and corporate responsibility prove woefully inadequate. The relationship between the NSO Group and the Moroccan state is characterized by a shared commitment to secrecy and mutual benefit, where the developer gains a lucrative, long-term client and the state gains an unparalleled tool for domestic control. This lack of transparency ensures that neither the corporation nor the government faces significant pressure to adhere to the human rights standards they claim to support.

The Human Cost of State Espionage

Weaponizing Information: The Strategy of Character Assassination

The practical application of Pegasus in Morocco is most vividly illustrated by the systematic targeting of investigative journalists like Omar Radi, whose work often challenged the state’s economic and political narratives. After his phone was repeatedly compromised through network injection attacks, Radi became the subject of a sophisticated campaign of intimidation that combined digital surveillance with traditional judicial harassment. He was eventually arrested on a dual set of charges: espionage and sexual assault, the latter of which was viewed by international observers as a classic “trumped-up” charge designed to destroy his public reputation. By using the intimate information gathered from his private devices, the state was able to construct a narrative that painted a vocal critic as a common criminal, thereby minimizing the international outcry that would have followed a purely political arrest. This tactic represents a strategic shift in how dissent is handled, focusing on character assassination and moral delegitimization to silence voices of opposition.

The case of activist Maati Monjib further highlights the extreme psychological toll and social devastation wrought by continuous state surveillance. Monjib, a historian and prominent advocate for free expression, endured years of digital intrusion that preceded his conviction for undermining state security. The information extracted from his devices was used not only to monitor his movements but also to target his professional network and extended family, creating an atmosphere of pervasive fear that isolated him from his community. Monjib’s experience underscores that the goal of using Pegasus is often not just the collection of intelligence, but the creation of a comprehensive dossier of personal vulnerabilities that can be weaponized in a court of law or leaked to state-aligned media outlets. The state’s ability to reach into the most private aspects of an individual’s life ensures that the cost of dissent is high, leading to professional ruin, forced exile, and the erosion of the victim’s mental well-being under the constant pressure of being watched.

Global Implications: Redefining Human Rights Standards

The normalization of high-end surveillance tools like Pegasus indicates a broader shift where digital infiltration has moved from the periphery of intelligence gathering to the very center of modern statecraft. Governments across the globe now view the capacity to compromise any citizen’s mobile device as a standard requirement for maintaining internal stability and national security. This perspective poses a fundamental threat to the global democratic order, as the technologies originally marketed as essential for the war on terror are increasingly repurposed to suppress transparency and stifle domestic political competition. As these tools become more accessible and their use more frequent, the traditional boundaries of privacy are being redressed to favor state power over individual rights. The widespread adoption of these methods by the Moroccan state serves as a blueprint for other nations seeking to modernize their apparatus of repression while maintaining a facade of technological advancement.

Despite the U.S. government’s decision to blacklist the NSO Group and its subsidiaries for their role in facilitating malicious cyber activities, the industry continues to thrive under various corporate rebrandings and evolving ownership structures. Meanwhile, the Moroccan government has persisted in its stance of absolute denial, facing remarkably few diplomatic or economic consequences for its documented misuse of the software. This significant accountability gap highlights the urgent necessity for a comprehensive international legal framework that prioritizes human rights over the veil of state secrecy. Without a global consensus on the regulation of the spyware trade and the implementation of rigorous oversight mechanisms, these digital weapons will continue to be used as instruments of political suppression. Protecting the future of free speech and assembly in the digital age requires more than just better encryption; it requires a concerted effort to hold both the states that deploy these tools and the corporations that profit from them to a higher standard of transparency and ethical conduct.

A Path Toward Digital Accountability

The investigation into the deployment of Pegasus in North Africa revealed a disturbing pattern of systemic abuse that transcended simple law enforcement objectives. It was discovered that the infrastructure of digital repression was built on a foundation of technical excellence provided by private actors and a lack of meaningful international regulation. To address these challenges moving forward, the focus must shift toward establishing a moratorium on the sale and transfer of “zero-click” surveillance technology until a rights-respecting regulatory framework is firmly in place. International bodies should work toward a treaty that classifies advanced spyware as a dual-use weapon, requiring the same level of export control and transparency as conventional armaments. This would involve mandatory reporting of end-users and a mechanism for victims of state surveillance to seek legal redress in international courts, bypassing the often-compromised judicial systems within their own countries.

Furthermore, telecommunications companies and technology platforms must play a more proactive role in defending the integrity of their networks against state-sponsored injections. By implementing end-to-end encryption by default and developing more robust detection mechanisms for network-level anomalies, the private sector can significantly raise the cost and complexity of these attacks. Building on these technical defenses, civil society organizations must continue to foster a global network of forensic analysts capable of auditing the devices of high-risk individuals, ensuring that state operations no longer remain invisible. The ultimate goal is to move beyond mere documentation toward an era where the digital sovereignty of the individual is protected by both law and code. By closing the loopholes that allow private intermediaries and state agencies to operate in the shadows, the international community can ensure that the digital age supports the expansion of human freedom rather than providing the tools for its permanent suppression.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later