Forensic investigations and media reports found that Pegasus spyware, developed by Israel-based NSO Group and marketed to governments, was used in Mexico to target a wide range of individuals tied to politically sensitive issues. Confirmed targets included international investigators examining the disappearance of the 43 Ayotzinapa students, journalists, lawyers, human rights defenders, public health advocates backing Mexico’s soda tax, and senior opposition politicians from the PAN party. Citizen Lab linked multiple SMS lure campaigns to Pegasus infrastructure, including domains such as smsmensaje[.]mx, and documented social-engineering messages crafted around news reports, death notices, and other urgent themes.
The disclosures intensified allegations that Mexican authorities used surveillance tools beyond criminal or counterterrorism purposes and instead against critics, civil society, and even internationally appointed officials. Mexican authorities denied responsibility and said they would investigate, but human rights groups, opposition lawmakers, U.N. experts, and European legislators called for an independent international inquiry and a halt to spyware use pending a full probe. The case widened into a major political and human rights scandal, with critics arguing that Mexico could not credibly investigate surveillance abuses allegedly tied to its own government.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
U.N. experts urged a halt to the use of spyware in Mexico and called for a full investigation into the surveillance allegations. Their intervention elevated the matter into an international human rights issue.
After the spyware allegations involving Ayotzinapa investigators were reported, Mexican authorities denied responsibility and said they would investigate. Critics argued that Mexico could not credibly investigate itself and called for an independent international inquiry.
The New York Times reported that international investigators examining the 2014 disappearance of 43 Ayotzinapa students were targeted with Pegasus spyware. Researchers said the Mexico campaign had at least 19 confirmed cases involving civil society members and international officials.
Citizen Lab reported that three senior Mexican opposition politicians from the PAN party were targeted in June and July 2016 with SMS-based Pegasus infection attempts. The report linked the messages to previously identified NSO infrastructure and showed the spyware campaign had expanded into electoral politics.
Citizen Lab disclosed that Mexican journalists, lawyers, a child, scientists, health advocates, and human rights defenders were targeted with NSO Group spyware. The findings tied the campaign to Pegasus exploit infrastructure and broadened public evidence of politically sensitive targeting in Mexico.
Citizen Lab reported that supporters of Mexico’s soda tax were targeted with NSO Group exploit links, extending evidence of Pegasus use against public-interest advocates in the country.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
centroprodh.org.mx
Open sourcecitizenlab.ca
Open sourcecitizenlab.ca
Open sourcecitizenlab.ca
Open sourceusnews.com
Open sourcenytimes.com
Open sourcenytimes.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.