Editor's take: Industry observers are questioning whether NSO Group's newly announced reforms and leadership changes will be enough to convince US regulators to reconsider existing bans. As the debate continues, the power and reach of Pegasus remain central to the broader conversation about surveillance, privacy, and the weaponization of cyber technology.
NSO Group, the Israeli cybersecurity company linked to the controversial Pegasus spyware, has been acquired by a consortium of investors led by Hollywood producer Robert Simonds. The transaction gives Simonds and his partners control of the firm, which has faced international scrutiny over alleged misuse of its surveillance technology. The purchase price was not disclosed.
David Friedman, a former US ambassador to Israel and bankruptcy attorney affiliated with the Trump administration, has stepped in as executive chairman. In an interview with The Wall Street Journal, Friedman outlined a vision to leverage his connections within US political circles, stating, "If the administration, as I expect they'll be, is receptive to considering any opportunity that might keep Americans safer, it will consider us."
He emphasized that his partnership with Simonds is focused on using NSO's technologies for public safety and counter-terrorism, though Simonds declined to comment when approached by reporters.
Friedman added that "the NSO of today is a far more careful company in how it licenses its technology than it was five or six years ago." Nevertheless, concerns over NSO's practices remain widespread. Digital rights researchers note that the company's flagship Pegasus spyware can remotely infiltrate smartphones, granting operators full access to calls, files, messages, the microphone, and the camera – without any action required from the target.
Attack vectors for Pegasus include zero-click exploits – such as those delivered via WhatsApp – and malicious links, making it one of the most sophisticated commercial cyber weapons known.
Security experts at Citizen Lab and Amnesty International report ongoing incidents involving the spyware. Recently, two journalists from Serbia's Balkan Investigative Reporting Network were targeted via Pegasus-infected links sent through the Viber messaging app, according to Amnesty researchers.
Citizen Lab's John Scott-Railton described the risks as an "unbearable temptation for abuse," adding, "I can't think of something more chilling for Americans' basic rights and freedom than some police department reaching into their lives and dumping it on the table in front of a bunch of cops."
NSO Group's business model revolves around licensing cyber-offensive technologies – primarily Pegasus – to government agencies worldwide, including those without domestic cyber capabilities. Once installed, the spyware operates silently, transmitting data back to operators. Researchers have documented that Pegasus can bypass iOS and Android security layers, making it a preferred tool in state-sponsored cyber espionage campaigns.
The US government imposed strict sanctions on NSO in 2021, placing the company on an export prohibition list that blocks American firms from selling certain technologies to it. A March 2023 executive order also banned federal agencies from purchasing spyware that poses "risks to national security" or enables human rights abuses.
In the private sector, Meta won a major judgment against NSO in a California federal court for deploying Pegasus to compromise its servers and users' devices. The damages, initially set at $168 million, were reduced to $4 million, but the court also issued an injunction barring NSO from targeting WhatsApp. NSO is seeking a stay and plans to appeal the order.
Despite public criticism and limited success from a $7.6 million lobbying campaign in Washington between 2020 and 2024, NSO executives remain optimistic about American police departments and intelligence agencies as potential clients. Analysts such as Steve Feldstein of the Carnegie Endowment, however, highlight bipartisan opposition in Congress stemming from documented abuses, including spying on US officials.
NSO executives repeatedly insist they have taken steps to prevent human rights violations, including terminating contracts with clients found to misuse their tools and implementing stricter vetting processes. Friedman acknowledged that the possibility of abuse "comes down to finding trustworthy clients."
Image credit: The Wall Street Journal