As many as 35 journalists and civil society members from El Salvador were infected with NSO Group's Pegasus spyware between July 2020 and November 2021, according to a joint report released by Citizen Lab and Access Now with the help of Amnesty International's Security Lab. The journalists who were allegedly targeted by Pegasus have reported on a controversy about the El Salvador government's negotiation of a pact with a gang for reduced violence and electoral support, as well as other sensitive issues concerning President Nayib Armando Bukele's administration. Citizen Lab was able to conclude that the spyware successfully uploaded data from the targets' phone to Pegasus infrastructure. "In several cases, Pegasus apparently exfiltrated multiple gigabytes of data successfully using their mobile data connections," it added. Earlier, in July 2021, an international consortium of media organisations revealed that political leaders, journalists, human rights activists, businessmen, military officials, intelligence agency officials, and several others from countries across the world were targeted for surveillance by Pegasus, but there were no confirmed Salvadoran targets named at that time. Two types of zero-click exploits identified in the Pegasus attacks Citizen Lab identified the Pegasus targets as employees of media organisations such as El Faro, GatoEncerrado, La Prensa Gráfica, Revista Digital Disruptiva, Diario El Mundo, and El Diario de Hoy, as well as two independent journalists. It also found that civil society organisations in El Salvador, including Fundación DTJ, Cristosal, and another NGO, were hacked. While studying the 35 cases, Citizen Lab identified two types of zero-click exploits…
