Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents

Agents placed the spyware on her phone after seizing her from the Dubai airport in April 2018.
Jamal Khashoggi event, Instanbul
People hold banners of Jamal Khashoggi during a symbolic funeral prayer for the Saudi journalist in the courtyard of Fatih mosque in Istanbul, on Nov. 16, 2018. (BULENT KILIC/AFP via Getty Images)

United Arab Emirates agents loaded Pegasus spyware on the phone of journalist Jamal Khashoggi’s wife months before his death, the Washington Post first reported Tuesday.

The software was discovered by Citizen Lab, which examined the device at the request of the newspaper and Khashoggi’s wife, Hanan Elatr.

Agents placed the spyware on her phone after seizing her from the Dubai airport in April 2018 and interrogating her, the researchers said. During the interrogations, they seized her two Android phones. Agents typed in a web address that researchers have tied to a network used to spread the spyware.

The Post first reported in July that Elatr was targeted by Pegasus spyware via text messages, but researchers couldn’t tell if the hack was successful. It’s unclear if the spyware launched by UAE agents finished installing on the phone, Citizen Lab researcher Bill Marczak told the Post. However, the new findings are the first to directly tie a UAE government agency to the use of spyware on someone close to Khashoggi in the months leading up to his murder.


U.S. intelligence agencies have concluded that Saudi prince Mohammad bin Salman approved Khashoggi’s murder. He denies any involvement.

“NSO Group conducted a review which determined that Pegasus was not used to listen to, monitor, track, or collect information about Ms. Elatr,” NSO attorney Thomas Clare told the newspaper. “The Post’s continued efforts to falsely connect NSO Group to the heinous murder of Mr. Khashoggi are baffling.”

The report comes on the heels of two other new investigations unearthing NSO Group spyware on the phones of activists and human rights defenders.

Citizen Lab found two instances in the past two years of NSO Group Pegasus software being used to hack two separate Polish opposition leaders, the Associated Press reported Monday. An analysis by Amnesty International and the Citizen Lab also found NSO Group spyware on the mobile phone of a former UN investigator looking into war crimes in Yemen, The Guardian also reported Monday.

The NSO Group’s spyware attracted international scrutiny after a joint investigation this summer between Amnesty, French journalism nonprofit Forbidden Stories and 17 media organizations revealed that between July 2014 and July 2021, the NSO Group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives.


In the months since the United States has blacklisted the Israeli company and called on allied nations to address the threat spyware poses to human rights.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts