In July 2021, the Pegasus Project revealed that more than 400 UK phone numbers were selected between 2017 and 2019 for potential surveillance using Pegasus by government clients. According to the investigation, the principal government responsible for selecting UK numbers appeared to be the United Arab Emirates, a traditional British ally. The investigation also found the first confirmed British victim of a Pegasus infection, human rights activist and lawyer David Haigh. The consortium found that his phone had been successfully infected with the spyware, likely by the UAE because of the activist’s connection with Princess Latifa, another Pegasus victim.
Following the revelations, British MPs questioned the government. A few months later, in October 2021, a British court confirmed the findings of the Pegasus Project, namely that Princess Haya and her close circle were targeted for surveillance with the spyware after she fled Dubai. In reaction to the court ruling, NSO Group excluded UK numbers (numbers with the country code +44) from the numbers that its clients can target.
In November 2021, a couple of days after the United States blacklisted NSO Group, 10 British MPs and peers called on former British Prime minister Boris Johnson to impose sanctions on the Israeli firm, among other things.
In April 2022, Citizen Lab reported that it found several suspected instances of Pegasus infections on a device connected to 10 Downing Street, the British Prime Minister’s office, and to the Foreign and Commonwealth Office (FCO) in 2020 and 2021, and that it had informed the government of the United Kingdom. The laboratory connected the suspected infections of the device at 10 Downing Street to an operator that it believed to be the United Arab Emirates. A British official later confirmed to The New Yorker that the “network was compromised,” but without specifying the spyware used.
The same month, Middle East Eye reported that three UK-based activists, Yahya Assiri, Anas Altikriti and Mohammed Kozbar, had notified NSO Group, Saudi Arabia and the United Arab Emirates of their intention to sue them in the United Kingdom over allegations that the two countries spied on them with Pegasus. The legal action was launched the same month. Palestinian activist and academic Azzam Tamimi joined the lawsuit in November 2022. According to his lawyers who spoke with Middle East Eye, his phone was allegedly targeted with NSO Group’s spyware on several occasions between 2018 and 2019, including while he was in contact with Jamal Khashoggi.
In December 2022, UK-based activist Yusuf al-Jamri, whose phone was allegedly infected in 2019, launched a lawsuit against NSO Group and Bahrain.