Crossroads Asia

Kazakh Activists’ Phones Infected With Pegasus Spyware

Recent Features

Crossroads Asia | Security | Central Asia

Kazakh Activists’ Phones Infected With Pegasus Spyware

According to Amnesty International, the phones of four Kazakh activists were confirmed to have been infected with the Pegasus spyware. There are likely more.

Kazakh Activists’ Phones Infected With Pegasus Spyware
Credit: depositphotos

After conducing a forensic analysis of the phones of nine Kazakh human rights activists, Amnesty International’s Security Lab found four to have been infected by the Pegasus spyware.

Pegasus is a spyware tool developed by Israeli technology company NSO Group. In July 2021, Paris-based media non-profit Forbidden Stories, with assistance from Amnesty International, and in collaboration with 17 media organizations around the world began publishing stories under what they called “The Pegasus Project” sparked by a leak of 50,000 phone numbers believed to be potential targets of the software. 

The Pegasus Project believes that the list of numbers was compiled by clients of NSO Group. The list did not include identifying information, making the process of investigating who the numbers belong to and if their phones were actually infected with the software a long process. 

Nearly 2,000 of the numbers were linked to Kazakhstan, and in June the Organized Crime and Corruption Reporting Project (OCCRP) reported that 92 numbers had been identified. Significantly, while the reporters believed that the software was deployed on behalf of the Kazakh government, many of those identified were among the country’s elite. Among the numbers identified in June were those of three journalists (Bakhytzhan Toregozhina, Bigeldy Gabdullin, Serikzhan Mauletbay), and two French activists who were involved in Kazakhstan. But more of the then-identified numbers belonged to the Kazakh elite, from President Kassym Jomart-Tokayev and Prime Minister Askar Mamin to Kazakhstan’s richest man, Bulat Utemuratov.

Amnesty International’s recent news, however, highlights that the phones of four activists were found to have been infected with the Pegasus spyware, which as OCCRP described it can “extract data, conversations, contacts, and call logs from the victim’s phone” as well as “switch on microphones and cameras to silently record live audio and video.” This is a step beyond merely being listed as a possible target, to confirmation of having been targeted.

Three of the four — Aizat Abilseit, Dimash Alzhanov, and Tamina Ospanova — had received notifications from Apple on November 24 warning of a “state-sponsored attacker.” A day earlier, Apple announced that it was suing NSO Group “to hold it accountable for the surveillance and targeting of Apple users” and began notifying users that it discovered may have been targeted. The fourth Kazakh activist, Darkhan Sharipov, whose phone Amnesty International’s Security Lab examined, was not notified, suggesting, “that the notified individuals represent only a fraction of the human rights activists targeted with the Pegasus spyware in Kazakhstan.”

Abilseit, Alzhanov, Ospanova, and Sharipov are all members of the “Oyan, Qazaqstan” movement, suggesting also that others involved in the movement may also have been targeted. According to Amnesty International: “The mobile devices of all four activists were infected with the spyware between 3 and 5 June 2021. On 5 June, ‘Oyan, Qazaqstan’ was hosting one of their public #Seruen events where activists could meet face-to-face in public spaces. The surveillance campaign continued until at least July 2021.”

Much remains unknown about the Pegasus software, NSO Group’s clients, and how the software may have been used once installed on a user’s device. Marie Struthers, Amnesty International’s director for Eastern Europe and Central Asia was quoted in the group’s press releases as saying that “[t]his case adds to an already mounting pile of evidence that NSO’s spyware is the weapon of choice for governments seeking to silence social movements and crush dissent.”

The earlier revelations that some of the Kazakh numbers possibly infected by Pegasus belonged to high-profile figures in the country’s business and political elite suggests an even wider application. Given that so much of the actual activity in Kazakh politics occurs within the elite — often out of view of the public — it’s not surprising that the government is spying on the upper crust as much as it is tracking activists making noise outside the establishment.