Cybersecurity researchers say that Thai activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.
Investigators of the cybersecurity research groups Citizen Lab and iLaw found that at least 30 individuals — including activists, scholars and people working with civil society groups — were targeted for surveillance with Pegasus, a spyware produced by Israeli-based cybersecurity company NSO Group.
Those whose devices were attacked were either involved in the pro-democracy protests that took place between 2020 and 2021, or were publicly critical of the Thai monarchy. The two groups said lawyers who defended the activists also were under such digital surveillance.
The Pegasus spyware is known for “zero-click exploits” which means it can be installed remotely onto a target’s phone, without the target having to click any links or download software.
NSO Group’s products, including the Pegasus software, are typically licensed only to government intelligence and law enforcement agencies to investigate terrorism and serious crime, according to the company’s website.
The company has defended its business in the face of multiple legal challenges, saying its decisions on sales undergo a rigorous ethical vetting process.
The reports by Citizen Lab and iLaw do not accuse any specific government actor but say the use of Pegasus indicates the presence of a government operator.
The attacks on the individuals’ devices spanned from Oct. 2020 to Nov. 2021, a timing “highly relevant to specific Thai political events” since they took place over the period of time when pro-democracy protests erupted across the country.
Thailand’s student-led pro-democracy movement ramped up activities in 2020, largely in reaction to the continuing influence of the military in government and hyper-royalist sentiment.
The movement was able to attract crowds of as many as 20,000-30,000 people in Bangkok in 2020 and had followings in major cities and universities.
The army in 2014 overthrew an elected government, and Prayuth Chan-ocha, the coup leader, was named prime minister after a 2019 general election put in power a military-backed political party.
“There is longstanding evidence showing Pegasus presence in Thailand, indicating that the government would likely have had access to Pegasus during the period in question,” researchers said in the report.
The over 30 individuals targeted were also “of intense interest to the Thai government.”
The victims targeted and the timing of the attacks reflect information that would be easy to obtain by Thai authorities, the researchers said.
“The findings included in this report suggest that NSO Group’s Pegasus spyware was used as part of these efforts to suppress Thai calls for democratic reforms,” Citizen Lab concluded.
Protesters have campaigned for Prayuth and his government to step down and demanded reforms to make the monarchy more accountable and to amend the constitution to make it more democratic.