A former member of Morocco's domestic intelligence service has helped to provide an unprecedented insight into how the north African state used hacking software – including Pegasus spyware – to target journalists, human rights defenders, French politicians and Spanish cabinet ministers and police officers. This was reported by Qazaqyia.kz citing The Guardian.

Pegasus, which is manufactured by the Israel-based NSO Group, allows its operator to access everything on a target's mobile phone, including emails, text messages and photographs. It can also activate the phone's recorder and camera, turning it into a listening device.

Although NSO Group says Pegasus is sold only to governments to help them track criminals and terrorists, the spyware is alleged to have been used by several countries to target dissidents, journalists, diplomats and politicians.

Morocco has long denied using Pegasus to target critics at home or abroad, and has claimed that reporters who have investigated NSO Group were "incapable of proving [the country had] any relationship" with the company.

However, evidence from a whistleblower who worked for Morocco's Direction Générale de la Surveillance du Territoire (DGST) for almost a decade suggests the country's internal security services began using Pegasus in 2017 and went on to deploy it against domestic and foreign targets over the course of four years.

Testimony from the source, known by the pseudonym of Safir, forms the basis of a multiyear investigation by the Moroccan journalist Hicham Mansouri, which has led to a collaborative investigation between several media groups, with technical support from Amnesty International's Security Lab.

The consortium, which was coordinated by Forbidden Stories and comprises 14 media organisations – including Le Monde, Haaretz, El Confidencial, Die Zeit and the Guardian – has also analysed material detailing Morocco's surveillance practices, from leaked emails to targeting records relating to Pegasus and other spyware, and from victims' testimony to internal training material. Two other former Moroccan intelligence agents also provided information and corroborated facts. Safir's testimony is corroborated by leaked material, including the Pegasus project dataset, which has been forensically analysed by Amnesty International's Security Lab.

According to information gathered by the consortium, NSO Group representatives gave high-ranking Moroccan intelligence officers and technical experts a long and detailed demonstration of new technologies – including Pegasus – in an expensive villa in Rabat in 2017. The source said the house was nicknamed "the FSSYS villa" after FSSYS Maroc, which was then the Moroccan branch of the UAE-based surveillance intermediary al-Fahad, and which frequently used the property for such demonstrations.

It is understood that those gathered for the demonstration immediately realised Pegasus's "revolutionary" potential as its remote-infection capacity meant they would no longer have to physically access the mobile phones of their targets. As they watched, NSO representatives infected a number of test phones, remotely activating cameras, switching on microphones and accessing data and messages.

The whistleblower has suggested that the hugely expensive spyware was a gift from the UAE. "Millions for the Emiratis, that's nothing," said Safir. "The Emirates bought it and redistributed it to friendly services. You could say it's like Netflix: a friend pays for the subscription, and the others use their account."

Before Pegasus was adopted by the DGST, the service had relied on a mix of old-fashioned human intelligence, targeting terminals in internet cafes and even persuading shopkeepers to sell mobiles pre-infected with other spyware to dissidents. According to Safir, the costly new spyware was used only for high-value targets once cheaper and less sophisticated options had been exhausted. "We never start with Pegasus," they said. "It's the monster's weapon."

Evidence gathered for the journalistic investigation, which is titled the Pegasus Project: Inside the Moroccan Spying Machine, also reveals that four unique Moroccan mobile phone numbers were selected as Pegasus targets in September 2017, seemingly in order to test the fledgling system in Morocco. They included mobile numbers linked to two DGST staff members, which were apparently input to determine the spyware's capabilities.

The leaked database at the centre of a previous Pegasus project investigation reveals that the numbers of Moroccan journalists and human rights defenders began to be put into the Pegasus system that same month – September 2017. Before long, the targeting had begun to extend beyond Morocco's borders.

A Spanish mobile number belonging to Aminatou Haidar, a prominent human rights activist from Western Sahara, was included in the leaked database and found to have been targeted by Pegasus dating back to 2018. Traces of the spyware were also found on a second phone belonging to Haidar in November 2021. Meanwhile, a Spanish mobile number for the journalist Ignacio Cembrero – whose work is focused on the Maghreb – was also listed on the Pegasus project database.

In 2022, the Spanish government revealed that the mobile phones of the prime minister, Pedro Sánchez, were infected with Pegasus.