(Bloomberg) -- A hacking campaign targeted prominent journalists, lawyers and activists tied to Jordan — including critics of the government — with spyware sold by the Israeli company NSO Group, according to new research.

Between 2019 and 2023, at least 35 people were targeted with the spyware, known as Pegasus, a consortium of digital rights groups led by Access Now and Citizen Lab concluded in a report released Thursday.

Pegasus is designed to silently infect mobile phones to steal private data and record calls and messages. NSO Group has said the technology, which it sells only to governments and intelligence agencies, aids the fight against serious crime and terrorism. But rights groups and media organizations have alleged that the company’s tools have been repeatedly used by authoritarian governments to crack down on opponents.

Those targeted in the Jordan-linked campaign included prominent human rights representatives, activists, politicians, journalists and information technologists, according to the report.

"Pegasus spyware is enabling a colossal erosion of privacy and civic space in Jordan,” said Marwa Fatafta, MENA policy and advocacy director at Access Now. “This adds to the long list of human rights abuses facilitated by NSO Group around the world.”

The report doesn’t directly blame Jordan’s government for the hacking spree but calls on it to carry out an independent investigation into the intrusions. The report also urges all governments, including Jordan’s, to halt the use of Pegasus spyware.

Representatives for the Jordanian government didn’t respond to requests for comment. Jordan is one of the few countries in the Middle East to have formal relations with Israel.

An NSO Group spokesperson said the company “complies with all laws and regulations and only sells to vetted intelligence and law enforcement agencies.” It has the “industry’s leading compliance and human rights program, which protects against misuse by government entities and is investigating all credible claims of misuse,” the spokesperson added.The spokesperson declined to comment on whether Jordan was a customer, citing “regulatory constraints.” 

Some of the Jordan critics who were hacked discovered they had been targeted after receiving a notification from Apple Inc. warning them that a state-sponsored attacker had tried to access their device remotely.

One such victim was Adam Coogle, deputy director of Human Rights Watch’s Middle East and North Africa division, who was hacked in October 2022, according to the report. The Pegasus spyware exploited a “zero-click” vulnerability on his phone to infect it without requiring Coogle to click on any malicious link or perform any other action. The attack occurred two weeks after Human Rights Watch had published a critical report on alleged government repression in Jordan, according to the report.

Two Human Rights Watch staff members based in Jordan, including Coogle, were repeatedly targeted by advanced spyware, according to the organization.

Coogle’s phone was briefly infected with Pegasus in 2022, while attempted hacks targeting him and a colleague last year were unsuccessful, probably due to enhanced security features introduced by Apple, Human Rights Watch said in a statement on Thursday.

In November 2021, following persistent reports of abuse involving NSO’s technology, the US Commerce Department blacklisted the company, accusing it of enabling “transnational repression.”NSO Group later weighed shutting down its Pegasus arm. It also cut staff and increased prices as it battled to overcome financial pressures due to repeated controversies over its products. But there are signs the company has started to stabilize. It recently leased four floors of a new office building near Tel Aviv amid plans to reorganize and expand, according to a report in the business publication Globes.

(Updates with Human Rights Watch comment in the twelfth paragraph.)

©2024 Bloomberg L.P.