Mexico's President Andres Manuel Lopez Obrador speaks during a news conference in Mexico City on September 30, 2022. A joint report published on October 2 found that Pegasus spyware infected the devices of two Mexican journalists and a human rights defender between 2019 and 2021. (Reuters/Henry Romero)

At least 2 Mexican journalists targeted by Pegasus spyware since López Obrador took office

Mexico City, October 3, 2022 – In response to a joint report published Sunday that found Pegasus spyware infected the devices of two Mexican journalists and a human rights defender between 2019 and 2021, the Committee to Protect Journalists issued the following statement:

“This new report definitively shows that Mexico’s President Andrés Manuel López Obrador can no longer hide behind blaming his predecessor for widespread use of Pegasus in Mexico,” said Jan-Albert Hootsen, CPJ’s Mexico representative. “Mexican authorities must immediately and transparently investigate the use of Pegasus and other spyware to target journalists during his administration, as well as push for more regulations to end the use of this technology against the press once and for all.”

The report was published by the Mexican digital rights organization R3D (Red en los Defensa de los Derechos Digitales) and rights and research groups Article 19 and SocialTIC. The University of Toronto’s Citizen Lab conducted a forensic analysis of the devices.

The device of an unnamed journalist from the online outlet Animal Político was infected in 2021, according to the report. Journalist Ricardo Raphael, a columnist for news magazine Proceso and newspaper Milenio Diario who was previously targeted in 2016 and 2017, was hacked with Pegasus at least three times in October and December 2019 and again in December 2020.

According to Citizen Lab, the more recent cases differ from previous use of Pegasus against Mexican journalists in several ways, including the use of zero-click attacks rather than malicious text messages designed to trick targets into clicking on links triggering an infection.

CPJ has documented how spyware is used to target journalists and those close to them worldwide, including repeated cases of Pegasus infections targeting journalists in Mexico, and has called for a moratorium on its trade pending better safeguards.

Israeli firm NSO Group says it only licenses its Pegasus spyware to government agencies investigating crime and terrorism. Mexican president López Obrador said in his daily press conferences earlier today that his government may address the revelations later this week.