Moroccan Intelligence Insider Reveals Widespread Pegasus Hacking

A former member of Morocco’s domestic intelligence service has provided an unprecedented inside account of how the country deployed Pegasus spyware against domestic and foreign targets.

The Pegasus scandal has a new chapter, and this time the source is inside the operation.

A former member of Morocco’s Direction Generale de la Surveillance du Territoire (DGST) has come forward to reveal how the north African state used hacking software, including the infamous Pegasus spyware developed by Israel’s NSO Group, to surveil its targets. The whistleblower’s account provides the most detailed insider view yet of how a government operates a commercial spyware program at scale.

The Guardian reports that the former intelligence operative helped provide evidence that Morocco’s internal security services deployed Pegasus from at least 2017 against a range of targets, including foreign politicians and journalists. The targets included French and Spanish political figures, among them President Emmanuel Macron, whose phone was reportedly on a list of potential targets.

The revelations are significant because they go beyond the technical evidence that has emerged in previous investigations. Previous reporting on Pegasus relied on forensic analysis of infected phones, network data, and leaked targeting lists. This is different: a human being who was inside the system describing how it worked, who made the targeting decisions, and how the intelligence was used.

Morocco is not the only country to have used Pegasus abusively. The NSO Group’s spyware has been found on the phones of journalists, human rights defenders, and opposition figures in multiple countries, including Mexico, India, Saudi Arabia, and Hungary. But the Moroccan case is particularly significant because of the kingdom’s close security relationship with Western intelligence agencies. Morocco is a key ally in counter-terrorism and migration control, and its intelligence service has long been seen as a trusted partner.

The whistleblower’s account raises uncomfortable questions for that relationship. If Morocco was using Pegasus to spy on French and Spanish politicians, what does that say about the intelligence-sharing arrangements that made such capabilities possible? And if Western governments knew or should have known, what did they do about it?

The NSO Group has consistently maintained that it sells its products only to legitimate government clients and that it cannot control how clients use the software after delivery. Human rights groups have long argued that this defense is inadequate, that NSO knows or should know that its spyware is being used to target journalists and opposition figures.

The Moroccan case suggests that the abuse was not incidental but systematic. According to the whistleblower, domestic intelligence services deployed Pegasus as a standard tool of internal security, targeting not only foreign figures but also Moroccan citizens and activists. The scale of the operation suggests a level of official authorization that goes well beyond individual rogue operators.

The revelations come at a time of growing international concern about commercial spyware. The US government has imposed sanctions on NSO Group and blacklisted its products. Several countries have opened investigations into Pegasus use. But the trade in hacking tools continues, and the list of government clients remains largely secret.

What the Moroccan whistleblower has done is pull back the curtain on one corner of that secret world. The question is whether governments that buy this technology, and the governments that sell it to them, will face consequences.

Scroll to Top