A London High Court judge awarded Saudi satirist and activist Ghanem Al-Masarir more than £3 million (~$4.1M) in damages after finding a “compelling basis” that his iPhones were hacked using NSO Group’s Pegasus spyware, resulting in data exfiltration. The court concluded the intrusion was “directed or authorised” by the Kingdom of Saudi Arabia (KSA) or agents acting on its behalf, rejecting Saudi Arabia’s attempt to avoid the case via state immunity arguments and proceeding after the kingdom stopped participating in the litigation.
The ruling cited digital forensic evidence, including analysis by Citizen Lab researcher Bill Marczak, who identified malicious text messages consistent with Pegasus delivery and attributed the infections to the KSA. Al-Masarir alleged the spyware enabled extensive surveillance capabilities—location tracking, access to stored data, and activation of microphones/cameras—and said the targeting coincided with a 2018 physical assault in London that caused injuries and contributed to severe personal and professional harm, including ending his YouTube activity criticizing the Saudi government.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
On January 26, 2026, Judge Pushpinder Saini awarded Ghanem Al-Masarir more than £3 million in damages after finding compelling evidence that Pegasus spyware infected his devices. The ruling held that the hacking was directed or authorized by Saudi Arabia and recognized severe privacy and personal harms, including psychiatric injury and loss of income.
After 2023, Saudi Arabia no longer filed a defense or otherwise engaged with the court proceedings. This non-participation contributed to the court entering summary judgment.
In 2022, the High Court rejected Saudi Arabia's attempt to claim state immunity in the case. After this failed defense, the Kingdom later stopped participating in the proceedings.
Ghanem Al-Masarir sued the Saudi government in 2019 over the alleged Pegasus targeting of his phone. The case sought accountability for the spyware intrusion and related harms.
In 2018, Ghanem Al-Masarir's iPhones were hacked using NSO Group's Pegasus spyware, with forensic evidence indicating data exfiltration and surveillance capabilities. The High Court later found a compelling basis that the operation was directed or authorized by Saudi Arabia or its agents.
The court later found Saudi Arabia was probably responsible for a physical assault on Saudi dissident Ghanem Al-Masarir in London as part of efforts to silence his criticism. The assault was described as occurring around the same period as the spyware targeting in 2018.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
grahamcluley.com
Open sourcescworld.com
Open sourcetechcrunch.com
Open sourcetherecord.media
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.