A UK court ordered the Kingdom of Saudi Arabia to pay £3 million in damages to London-based Saudi dissident Ghanem Al-Masarir after finding his iPhones were infected with NSO Group’s Pegasus spyware as part of a 2018 targeting campaign attributed to a Saudi operator dubbed KINGDOM. The ruling credited expert evidence from Citizen Lab researcher Bill Marczak, and the damages award covered injury, costs, and lost earnings tied to the spyware targeting and related harms; the decision was framed by advocates as a rare avenue for accountability for victims of mercenary spyware and transnational repression.
Separately, civil society groups warned that spyware vendors linked to human rights abuses are attempting to launder their reputations by engaging with diplomatic initiatives intended to curb misuse of commercial hacking tools. The criticism followed an NSO Group “transparency report” highlighting its claimed participation in the Pall Mall Process—a French- and UK-led effort to develop governance for Commercial Cyber Intrusion Capabilities (CCICs)—even as officials said NSO was not invited and participation does not equate to human-rights compliance; critics pointed to continued allegations of Pegasus abuse, including reported targeting of journalists and civil society in countries such as Serbia.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
Civil society organizations publicly warned that spyware vendors linked to human rights abuses were trying to use diplomatic initiatives like the Pall Mall Process to rehabilitate their image without meaningful reform.
After NSO publicized its submission, French and U.K. officials said the company had not been invited and that submitting comments did not amount to participation, compliance, or recognition as a responsible actor.
On January 7, 2026, NSO Group released a transparency report highlighting that it had submitted input to the Pall Mall Process, prompting criticism from civil society groups.
In January 2026, a UK court awarded £3 million to London-based Saudi dissident Ghanem Al-Masarir after finding he had been targeted with NSO Group's Pegasus spyware and crediting expert evidence from Citizen Lab.
Amnesty International reported that Pegasus spyware was used to target Serbian journalists, adding to the record of abuse tied to NSO Group's technology.
France and the U.K. launched the Pall Mall Process in February 2024 to develop governance for Commercial Cyber Intrusion Capabilities such as spyware.
In 2018, Citizen Lab found that a Saudi Pegasus operator it called 'KINGDOM' targeted dissidents abroad, including sending Ghanem Al-Masarir malicious links that led to infection of his iPhone.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
citizenlab.ca
Open sourcetherecord.media
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.