Pegasus Spyware India, a military-grade phone-hacking tool made by Israel’s NSO Group, has triggered a global scandal.
In July 2021 a consortium of media outlets (“The Pegasus Project”) leaked tens of thousands of potential targets – activists, journalists and politicians worldwide – revealing that India alone had over 300 phone numbers flagged for hacking.
Indian civil society and media immediately raised alarms about the threat to democracy and privacy.
Subsequent forensic investigations (by Amnesty International, Citizen Lab, WhatsApp and others) confirmed multiple Indian cases of Pegasus infection, especially among journalists and opposition figures. In response, the Indian government has flatly denied using Pegasus, claiming all interceptions follow legal safeguards.
Meanwhile the Supreme Court of India launched a special inquiry, and hearings have dragged on from 2021 into 2025 with the government resisting full disclosure.
This report traces the Pegasus spyware scandal in India – the confirmed targets (names), official reactions, legal proceedings, and parallels in other countries – to expose how intrusive surveillance has been used to chill dissent.
NSO Group’s logo on an Israeli office wall. Pegasus is a “malware product made by the Israeli firm NSO” that can covertly turn on a phone’s camera or microphone. The company insists it only sells Pegasus to vetted governments, but the global leak shows how easily it has been abused. Here, Indian journalists and activists take center stage.
Global Leak and Indian Targets of Pegasus Spyware India
In July 2021 media partners including The Wire, Amnesty, Forbes and others published the Pegasus Project revelations.
The leaked database of over 50,000 phone numbers was concentrated in countries known for intense surveillance.
India immediately emerged as a major focus: reports estimated that about 300 Indian phone numbers were on the Pegasus “target” list.
Indian news outlets confirmed that the phone of opposition MP Rahul Gandhi was on the list, along with those of two Union ministers (Ashwini Vaishnaw and Prahlad Singh Patel) and a top virologist, Dr. Gagandeep Kang.
Investigative journalists at The Wire found trace evidence of Pegasus on the phones of their own editors.
“The Wire found traces of the spyware on the devices used by our editors,” said reports. Prominent journalists Siddharth Varadarajan (founding editor of The Wire) and Anand Mangnale (OCCRP South Asia editor) were later confirmed as hacked in October 2023.
In total, Amnesty’s 2023 forensic report documented “continued use of Pegasus…to target high-profile Indian journalists,” marking a repeated assault on press freedoms.
Other names soon surfaced. A Scroll.in exposé named political strategist Prashant Kishor and former Chief Election Commissioner Ashok Lavasa among potential targets.
The leaked list had dozens of Congress leaders and regional politicians, as well as rights activists. Notably, virologist Gagandeep Kang – a vocal COVID-19 scientist – exclaimed she “does nothing controversial” upon seeing her name, highlighting how even apolitical public figures were ensnared.
Amnesty and other watchdogs identified confirmed infections on two journalist phones: former Economic & Political Weekly editor Paranjoy Guha Thakurta and ex-Outlook editor S.N.M. Abdi. (All five petitioners in the Supreme Court case – including Abdi and Guha Thakurta – alleged Pegasus attacks on their phones, and forensics later vindicated two of them.)
In sum, dozens of Indian journalists, opposition leaders, activists and even bureaucrats have been publicly named as Pegasus targets. These include Rahul Gandhi, Siddharth Varadarajan, Anand Mangnale, Prashant Kishor, Ashok Lavasa, Ashwini Vaishnaw, Prahlad Patel, Gagandeep Kang, and others.
Many of the affected – like Varadarajan – say they have “no doubt” the Indian state is behind the hack.
A veteran journalist noted dryly: “I have been part of media outlets that often spout facts that the ruling party dislikes… being on the snooping list was not a surprise”.
Protesters in Kolkata (February 2022) decry “Pegasus snoopgate” and demand accountability. Public outcry has been widespread, with opposition rallies and demonstrations against secret surveillance. In parliament, MPs from multiple parties demanded that the government explain the allegations.
Government Denials and Official Response
The Indian government has consistently denied any wrongdoing. In July 2021, IT Minister Ashwini Vaishnaw told Parliament that the reports were “completely without any substance” and reminded MPs that lawful wiretapping is only done for national security, with safeguards in place.
He said Indian law requires interception orders be authorized by the Home Secretary or a judge, implying no legal procedure was violated. The government also refused to say whether any agency had purchased Pegasus software.
Solicitor General Tushar Mehta, in court filings, labeled the Pegasus reports “unverified and conjectural,” and said petitions were based on media stories, not evidences.
Official statements insisted India respects privacy rights and would punish any illegal surveillance, though no concrete proof was offered.
Behind closed doors, some officials argued that using spyware is not inherently wrong. At a 2025 court hearing, the Solicitor General noted Pakistan and China both employ similar tools, asking rhetorically, “What is wrong if the country also uses it?.
The Modi government has shown little appetite for transparency: the official affidavit in court repeatedly stressed that revealing more could compromise “sovereignty and security,” and it has kept the expert committee’s findings under seal.
Despite denials, internal leaks and data from Meta/WhatsApp suggest otherwise: recent Apple “Lockdown Mode” alerts indicated that over 20 Indian journalists and politicians were targeted in late 2023. Even India’s National Security Adviser felt compelled to deflect by accusing critics of staging a “media trial by NSA”, asserting there was “no case of invasion of privacy”.
Supreme Court Inquiry
The Pegasus controversy quickly became a legal battle. In August 2021 a group of petitioners – including journalists Paranjoy Guha Thakurta and S.N.M. Abdi, research scholar Jagdeep Chhokar, and media veterans N. Ram (ex-Hindueditor) and John Brittas (Rajya Sabha MP) – asked the Supreme Court of India to order an independent probes.
The court initially questioned if it could decide on a purely political issue, but after hearing arguments it appointed a Technical Committee on October 27, 2021.
This committee, chaired by retired Justice R.V. Raveendran, included experts from academia and IT. It took oral testimony from dozens of petitioners (journalists, activists and even BJP MPs like Sashi Kumar and John Brittas) between Dec. 2021 and Feb. 2022.
The committee submitted its final report on July 22, 2022 (which remains under seal as of 2025). In a partial summary that was leaked, the panel found no evidence of Pegasus on any of the 29 phones it examined.
Five devices showed other forms of hacking tools, but none contained the NSO spyware. The panel also noted that Indian agencies had not cooperated with the investigation. (Critics point out that without full cooperation or raw data, such forensic checks can miss sophisticated spyware. Petitioners have insisted the committee was constrained by lack of access to servers or Pegasus buyer records.)
Meanwhile, the Supreme Court continued hearings on the broader issue. In April 2025, a bench of Justices Surya Kant and N.K. Singh discussed if spyware can ever be lawful.
The court observed “there is nothing wrong in using spyware as such” for national security, echoing the Solicitor General’s stance.
But it emphasized a delicate balance: a technical expert (advocate Shyam Divan) argued that while states may use Pegasus for crime or terror investigations, “to turn it against one’s own citizens… would be subversive of democracy”.
The Chief Justice stated that even if sovereignty concerns prevent public release of the report, “those individuals who may have been affected… should certainly be informed”.
In short, the court recognized a right of redress for alleged victims.
The matter is still pending. The court has repeatedly deferred a final ruling and has not disclosed the full technical report to the public. At the latest hearing (April 2025), the judges set July 30, 2025 as the next date. In the meantime the fight has moved on digital platforms: for example, Meta’s filings in a US court exposed that roughly 100 Indians were proven Pegasus victims in a WhatsApp hack campaign.
Chilling Effect on Media and Democracy
Journalists and activists report a profound chilling effect. Many now assume their devices are surveilled, fostering self-censorship. As one targeted editor put it, authorities have always “detested the work that media does,” so seeing their names on a list only affirmed the danger.
Press freedom organisations note that India’s ranking has plummeted in global indices – in 2023 it fell to 161st of 180 countries, the lowest ever. Media watchdogs warn that “press freedom has dwindled under the Modi government, with several journalists arrested” on sedition or anti-state charges.
Since 2021 there have been raids on newsrooms and arrests of at least a dozen reporters and editors (including NewsClick journalists) – actions critics say are consistent with a surveillance-backed clampdown.
Targeted journalists also share personal accounts. Siddharth Varadarajan of The Wire described anger and fear: being on the list “made me angry that they were still after journalists,” he told colleagues.
The ongoing legal case has required many to publicly recount their ordeals: journalist Paranjoy Guha Thakurta testified that his phone was secretly inundated with messages before he noticed malware traces.
Civil society activists like Jagdeep Chhokar argue that spyware’s mere presence violates privacy and press autonomy, even if it was not ultimately installed.
The Supreme Court petitions themselves note that activists and Dalit advocates (e.g. the Bhima-Koregaon case accused) also appear in Pegasus data, raising fear among minority dissenter.
Despite these pressures, many independent outlets continue investigative reporting. But the consensus among media defenders is that Pegasus has “succeeded in suppressing the full free exchange of ideas” in India.
Every new expose now comes with questions: will more names leak? Will phone forensics ever clear those accused? For now, journalists and civil-liberties lawyers consider the Pegasus affair a watershed moment that has “laid bare the scope of surveillance in India”.
Comparative Perspective: Pegasus Around the World
India is not unique. The Pegasus Project and other investigations have documented similar abuses in both democracies and autocracies worldwide:
- Hungary: The far-right government of Viktor Orbán reportedly used Pegasus against domestic opponents. Forbidden Stories research in 2021 showed that Hungary’s security services had “deployed a new weapon…using some of the world’s most invasive spyware against investigative journalists and independent media owners”. In early 2021, forensic analysis on multiple devices confirmed Pegasus infections among Hungarian journalists, prompting legal action against the state.
- Mexico: Citizen Lab studies and a 2022 Reuters report detailed rampant use of Pegasus by Mexican authorities. Even under president López Obrador, “phones of at least three human rights investigators…were infected with Pegasus”. Earlier research found dozens of journalists and activists hacked during previous administrations, making Mexico the single largest market for NSO (over 450 confirmed targets).
- Saudi Arabia: A joint investigation by Guardian and Amnesty revealed that Saudi operatives attempted to hack people close to the slain journalist Jamal Khashoggi both before and after his 2018 murder. Saudi spyware attacks on dissidents are well-documented, and the Khashoggi case underlined how an authoritarian regime used Pegasus to monitor critics abroad.
- France: Even France’s political class has felt the impact. Reports in 2021 disclosed that former President Emmanuel Macron’s phone number was on a Pegasus targeting list (allegedly by Morocco’s intelligence). Many French MPs and journalists appeared in the leaked data. The issue forced the Élysée to hold emergency meetings on cybersecurity, signalling how pervasive the threat is, even among allies.
- Israel: Ironically, controversies have also erupted in Israel itself. In 2022 Israeli media revealed that domestic police had used Pegasus to spy on dozens of its own citizens. Targets included former Prime Minister Netanyahu’s son, opposition activists and government officials. Israel’s prime minister condemned these revelations and ordered an inquiry – highlighting that even creators of the spyware are not immune from abuse.
These examples show that Pegasus spyware does not respect borders or regimes. In autocracies, its use often goes unpunished; in democracies, it provokes public outrage and legal battles. India’s case stands out for its scale and the high profile of those targeted – from former heads of state (Rahul Gandhi was the Congress president) to Supreme Court judges and critical journalists.
Yet many comparisons apply: in Hungary as in India, ruling parties faced accusations of weaponizing Pegasus against opponents; in Mexico and India, rights activists and journalists have borne the brunt; and as in Saudi Arabia, whistleblowers and independent investigators discovered the digital footprints long after attempts at cover-up.
Conclusion: An Ongoing Investigation
The Pegasus spyware India revelations have posed profound questions for India’s democracy: Who decided which phone numbers to surveil, and based on what legal authority? How many Indian citizens were actually hacked, and by whom? With its current posture of denial and secrecy, the Indian government has offered few answers. The Supreme Court’s technical inquiry may eventually shed more light, but its findings (particularly any indication of who commissioned Pegasus) remain hidden from public view.
One thing is clear: Pegasus has escalated India’s surveillance state to unprecedented levels. It has given the state a capability to listen to any mobile phone on demand – a capacity far beyond traditional telecom interception. Most importantly, the confirmed targeting of journalists and opposition figures has eroded trust in the very institutions meant to protect citizens. As legal experts noted in court, spyware bought by the state is always in the end “used by the state”, meaning every citizen’s privacy could be at risk.
This investigative report documents the known facts, from leaked lists to court proceedings, in order to hold power to account. India’s story of Pegasus remains unfinished, with lawyers, journalists and rights defenders continuing to press for the full truth. In the meantime, it serves as a stark warning: digital repression has arrived, and the tools of mass surveillance once reserved for tyrannies are now in Indian hands. Whether democracy can withstand this silent crackdown depends on transparency, judicial oversight, and the enduring resolve of those who dare to report the truth.
Timeline of Key Pegasus Developments in India: (Global dates for context)
- 2019: WhatsApp sues NSO, revealing ~1,400 attempted Pegasus hacks. Court filings later show 100 of the 1,223confirmed victims were in India.
- Jul 2021: The Pegasus Project leaks list of >50,000 numbers. Indian media report ~300 Indian targets, including politicians, bureaucrats, scientists and about 40 journalists. Opposition leader Rahul Gandhi’s phone is named. Parliament erupts in protest.
- Aug 2021: Supreme Court petitions filed by journalists and activists (Chhokar, Guha Thakurta, N. Ram, etc.) seeking probes. Govt files “limited affidavit” denying all allegations.
- Oct 2021: SC appoints a Technical Committee to investigate Pegasus use.
- Jul 2022: Committee submits report. It found no Pegasus spyware on any of 29 examined phones (five had other malware). Govt had not cooperated fully. Report remains sealed by SC.
- Oct 2023: Apple issues Lockdown Mode security alerts – “state-sponsored” attack warnings – to dozens of Indians. Meta later says 20+ Indian politicians/journalists (including Mahua Moitra, Varadarajan) were notified.
- Dec 2023: Amnesty Int’l and Washington Post publish a forensic report confirming Pegasus attacks on Indian journalists (Siddharth Varadarajan, Anand Mangnale).
- Apr 2025: Supreme Court hears arguments. Justices allow national security use of spyware but insist misuse is illegal. Hearing reveals Whatsapp/Meta data that ~100 Indians were Pegasus victims. Court refuses to release full report publicly.
- Jul 2025 (forthcoming): Next hearing scheduled, as petitioners continue to push for judicial accountability.
This reporting about Pegasus Spyware India draws on a wide range of trusted data. Verified reporting and filings including The Wire, Al Jazeera, Reuters, The Times of India, The Indian Express, Scroll.in, Amnesty International, WhatsApp litigation documents, Supreme Court petition texts, media coverage (Al Jazeera, The Guardian, Politico, etc.), and court transcripts. All facts and quotations are cited to these sources.
*You May Be interested in Reading this investigative piece by the same author, “Dark Money: How $1.9 Billion Influenced the 2022 Midterms“.
*Learn More About The Author Here.
