NSO Group involved in Paris-Baku information war

Last year in summer 2023, The French ambassador to Armenia Olivier Decottignies has been the target of a disinformation campaign. A screenshot obtained by us indicates his phone may have been hacked by Israeli NSO Group’s Pegasus spyware.

The aim was to extract messages proving his alleged corruption in granting visas for France while in his previous post as France’s consul general in Erbil in Iraqi Kurdistan.

An image of a similar platform was published in 2022 by the Israeli newspaper Haaretz, which described it as a screenshot “of a prototype version of the Pegasus spyware designed for Israeli police back in 2014”.

Intelligence Online conducted a reverse image search on the screenshot Nicolian sent, and the conclusion was clear: the interface pictured is none other than Pegasus spyware’s command-and-control (C2) platform, developed by the Israeli NSO Group. An image of a similar platform was published in 2022 by the Israeli newspaper Haaretz, which described it as a screenshot “of a prototype version of the Pegasus spyware designed for Israeli police back in 2014”.

The tab layout, platform design and colour coding are all identical, but Nicolian’s screenshot and the one published by Haaretz contain significant differences. The outstanding notifications and the number in brackets displayed under each tab are not the same, nor is the date range for interceptions (indicated in the top right). This would suggest that, if the image has been edited, the author has not only modified Haaretz’s screenshot, but may also have had access to the real Pegasus C2 platform in order to create a fake.

In May 2023, a consortium of researchers from NGOs Access Now, Citizen Lab and Amnesty International, as well as the Armenian organisation CyberHUB-AM, published a report showing that 12 people in Armenia had been compromised by Pegasus. While the report remains cautious about attribution, the hacks took place in the midst of the 2023 Nagorno-Karabakh war. Speaking on condition of anonymity, several Intelligence Online sources in Herzliya have nonetheless confirmed that Baku is one of the most active users of Israeli interception services. On this point, NSO Group proved evasive and simply gave its now-standard response: “The company cannot confirm or deny specific customers.”

Israel nonetheless enjoys good relations with France — relations that Tel Aviv is keen to maintain in the current context of the war in Gaza. In February, Baku suggested that the Mossad organise mediation with Paris, an idea that was quickly scrapped.