Morocco's Spy Machine Exposed: Pegasus Was Turned on Journalists, Ministers, and Its Own People

Politics24 articles covering this story· 2026-07-16

Morocco's Spy Machine Exposed: Pegasus Was Turned on Journalists, Ministers, and Its Own People

MoroccoPegasus (spyware)SpywareIsraelRabatNSO Group
Morocco's Spy Machine Exposed: Pegasus Was Turned on Journalists, Ministers, and Its Own People
"Morocco-22" by archer10 (Dennis) is licensed under CC BY-SA 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/2.0/.

The surveillance state rarely announces itself. It works in silence, in the space between a phone screen and the person holding it, in the microseconds it takes for a zero-click exploit to copy a contact list, activate a microphone, and vanish without a trace. For years, Morocco's Direction Générale de la Surveillance du Territoire — the kingdom's domestic intelligence service — allegedly did exactly that, and a former insider has now provided what investigators are calling an unprecedented operational account of how it worked.

The whistleblower, a former member of the DGST, has helped construct a detailed picture of Moroccan deployment of Pegasus spyware beginning around 2017. The targets were not random. According to the account, the operation swept up journalists critical of the Makhzen — the informal power structure surrounding the Moroccan monarchy — as well as human rights defenders operating inside the country. But the operation did not stop at Morocco's borders.

French politicians and Spanish cabinet ministers appear on the list of alleged targets, a detail that transforms what might otherwise read as another authoritarian surveillance story into a full-blown diplomatic crisis. Spain's government acknowledged in 2022 that the phones of Prime Minister Pedro Sánchez and Defense Minister Margarita Robles had been compromised using Pegasus. At the time the intrusions were confirmed by Spain's National Cryptology Centre, the official government body responsible for cybersecurity. The new testimony adds alleged Moroccan authorship to that specific breach — a claim Rabat has consistently denied.

Pegasus itself requires some unpacking, because NSO Group's marketing language has long served as a shield for its clients. The Tel Aviv-area company sells Pegasus exclusively to governments, framing it as a counter-terrorism and law enforcement tool. What the software actually does is operate as one of the most capable mobile surveillance instruments ever built: once installed on a target device — often without any interaction from the victim, via so-called zero-click exploits targeting vulnerabilities in iOS and Android — it can extract messages, emails, contacts, and location data, activate cameras and microphones, and do so while leaving minimal forensic evidence. The University of Toronto's Citizen Lab, which has technically verified dozens of Pegasus infections through device forensics, has documented its use by at least 45 countries.

The whistleblower's account aligns with and extends forensic work that had already placed Morocco in that group. Citizen Lab identified Moroccan Pegasus operators as far back as 2019, and in 2021, the Forbidden Stories journalism consortium — working from a leaked list of 50,000 phone numbers — identified Morocco as a Pegasus client whose alleged target list included French President Emmanuel Macron, a claim the Moroccan government called "false and unfounded." What the new insider account adds is texture: operational intent, internal targeting rationale, and a timeline stretching back to 2017 that predates most of the publicly documented cases.

The implications for press freedom are direct and severe. Moroccan journalist Omar Radi was sentenced to six years in prison in 2021 on charges that rights organizations including Amnesty International described as politically motivated. Amnesty's technical lab confirmed Pegasus had been used against Radi's device. The whistleblower's testimony, if corroborated, would mean that the surveillance of Radi and others like him was not an improvised operation but part of a structured, institutionalized program run from within the state apparatus.

For NSO Group, the account is another thread in an already unraveling corporate narrative. The company has faced export license reviews in Israel, a blacklisting by the U.S. Commerce Department in November 2021 — which cited evidence that NSO tools were used "to conduct transnational repression" — and active litigation in U.S. federal courts brought by Apple and Meta. NSO has repeatedly insisted it investigates credible misuse allegations and terminates contracts when violations are confirmed. It has not, to date, publicly named a single government contract it has terminated for political targeting of journalists.

Morocco sits at a strategic crossroads that has historically afforded it diplomatic insulation: a key EU migration partner, a U.S. counterterrorism ally, and a normalized partner with Israel under the Abraham Accords framework signed in 2020 — the same framework that, notably, expanded official Israeli-Moroccan security cooperation. That geometry has made Western governments slow to press Rabat publicly on surveillance abuses. The whistleblower's emergence, and whatever documentation accompanies the account, may make that diplomatic comfort harder to sustain.

What is confirmed: Pegasus was used against targets in Morocco and in European governments. What is alleged: that the DGST ran a structured, multi-year program with deliberate target selection. What remains unknown: the full extent of the target list, what intelligence was collected, and whether any of the foreign government compromises produced material shared with third parties. Those are the questions Rabat has no interest in answering — which is precisely why the insider decided to talk.

See what people are saying about this story on X.