Governments across Africa are increasingly using sophisticated spyware to monitor and intimidate political opposition. Independent investigations about government spyware surveillance in Africa by Amnesty International, Citizen Lab, Privacy International and major media outlets document dozens of cases since 2015 where states deployed Israeli- and European-made malware tools against activists, journalists, and opposition figures.
These tools including NSO Group’s Pegasus and Gamma Group’s FinFisher (FinSpy) can turn any smartphone into a covert surveillance device, siphoning personal data, messages, and even activating cameras and microphones without a user’s knowledge.
Victims across multiple African countries report pervasive fear that “no one is safe” from remote monitoring. In Namibia, Kenya, and Nigeria, leaked contracts and forensic evidence have named at least seven African states using another Israeli system called Circles to eavesdrop on phone calls and texts.
Another firm, Israel’s Candiru, has been linked to spyware attacks in at least 10 countries globally, suggesting similar possibilities in Africa. This report, based on field investigations and technical analysis, documents the scale and impact of such surveillance, and explains how experts uncover it.
Amnesty and media investigations show that Rwanda’s authorities selected more than 3,500 activists, journalists and politicians as Pegasus targets since 2016. This list of phone numbers included diaspora critics and opposition leaders. Notably, Carine Kanimba, daughter of imprisoned opposition figure Paul Rusesabagina learned her phone had been hacked with Pegasus multiple times.
Kanimba told reporters she felt “in danger” when patterns emerged: “I had suspicions because…people tell me the Rwandan government approached them after I had sent an email or had a phone call…I had an instinct I was being followed or surveilled”. Such evidence, shared with the press by Amnesty International in July 2021, contradicts Rwandan denials and signals a broad surveillance program targeting critics of President Kagame’s regime.
Not only dissidents but even top officials have appeared on spyware hit-lists. In the Pegasus Project leaks, half of the world leaders listed (7 of 14) were African, including South Africa’s President Cyril Ramaphosa and Morocco’s King Mohammed VI. In fact, reports indicate that Rwanda’s intelligence placed Ramaphosa’s number on a target list in 2019.
Morocco’s lists were even more audacious: intelligence agencies allegedly compiled dozens of numbers of Algerian and French officials (including President Macron), alongside surveillance on domestic figures. These cross-border revelations underscore that African states are both users and victims in this digital spycraft competition. (For comparison, the leaked data also identified clients in Mexico, India, and several Middle Eastern nations where activists and journalists have been hacked.)
Key Spyware Players in Africa
NSO Group (Israel) – Creator of Pegasus spyware. Sold Pegasus to at least a dozen African governments (officially for law enforcement). Investigations show misuse against human rights defenders, foreign diplomats and political opponents.
Gamma Group (UK/Germany) – Developer of FinFisher (also called FinSpy). Evidence indicates Gamma sold FinFisher to Uganda in 2011 and possibly to other African security agencies. FinFisher was used to hack protest leaders in Uganda.
Circles (Israel) – A telecom interception platform that taps calls/SMS. Citizen Lab identified Nigeria, Kenya, Zimbabwe, Botswana, Equatorial Guinea, Morocco, and Zambia as customers of Circles, where it was used to eavesdrop on journalists and political figures.
Candiru (Israel) – Advanced spyware company known as an NSO competitor. Leaks show Candiru tools infected smartphones of at least 100 dissidents globally. While African cases of Candiru are not documented publicly, its existence in the region is likely given other African clients (the company’s customers are secret but include foreign governments).
Others: Firms like Italy’s Hacking Team (sold to Ethiopia reportedly) and the French firm Nexa/Amesys (linked to contracts in North Africa) have also provided hacking tools to authoritarian regimes. China’s Huawei is known to control infrastructure in Africa, raising additional cyber-surveillance concerns.
Each of these tools, sold under the guise of fighting crime or terrorism, has repeatedly fallen into the wrong hands. An HRW report noted that “commercial spyware has been repeatedly used to target activists and journalists” with “companies [selling] these technologies to governments known to engage in abuses”.
Pegasus and FinSpy are inherently dangerous: they can silently seize any data on a phone, from contacts and messages to location and browsing history, as well as hijack cameras and microphones for live spying.
(In one Bahraini case, rights lawyer Mohamed al-Tajer explained that after a zero-click Pegasus attack he felt “shocked and saddened” knowing the state “can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos”.)
Patterns of Abuse found during government spyware surveillance in Africa
The targeting patterns vary by country but share common themes: securing political power and crushing dissent. Below are notable examples by country, based on published investigations:
Rwanda
(Pegasus surveillance): Rwandan authorities appear to have conducted one of the largest known surveillance sweeps on civil society in Africa. Amnesty’s research showed 3,500+ Rwandan phones were selectedfor Pegasus infection (though actual numbers hacked are lower).
Targets included journalists, opposition members, activists and politicians. The purpose was likely to monitor critics like Paul Rusesabagina and track movements of dissidents abroad. Rwandan officials have dismissed these findings, but victims’ testimony and forensic traces (like the ones found on Kanimba’s phone) make the pattern clear.
Morocco
(Pegasus against activists): Moroccan security services have used Pegasus repeatedly against prominent dissidents. For example, Sahrawi activist Aminatou Haidar discovered via forensic testing that her iPhone was compromised in Sept. 2018 and again in late 2021. Earlier cases include journalist Omar Radi, historian Maati Monjib, and numerous Western Sahara activists who were targeted after post-2015 protests.
Amnesty’s Danna Ingleton notes these hacks came amid “an escalating crackdown of peaceful dissent” in Morocco. Morocco’s king and prime minister were even on Pegasus target lists leaked by the Pegasus Project, a symbolic indication that no one in the regime was fully trusted with mobile security. Morocco has publicly denied all spyware abuse, with NSO Group also refusing comment.
Egypt
(FinFisher/FinSpy phishing): Egypt has employed Germany’s FinFisher tool for at least a decade. In 2019 Amnesty’s lab uncovered a phishing campaign known as “NilePhish,” where activists were lured to fake Adobe Flash update sites delivering FinSpy for Windows. This operation, linked to the government, aimed to infect dissidents’ PCs and phones.
Leaked procurement documents also show Egypt’s security apparatus attempted to buy FinFisher in 2011. The use of FinFisher fits a broader crackdown: Egyptian NGOs, lawyers, and journalists have been systematically surveilled and jailed. As Amnesty’s experts warned, “we have documented the targeting of Egyptian HRDs” in a context of diminishing free speech.
Uganda
(FinFisher on protesters): Privacy International revealed that Uganda’s military intelligence ran Operation Fungua Macho (“open eyes”) in 2012, deploying FinFisher to spy on the opposition during mass protests. Documents show officials explicitly used the spyware to track the leadership of the 2011-2012 “Walk to Work” protests over fuel prices and police abuses. PI quoted Gus Hosein: “We now know that the Ugandan Government used surveillance tools explicitly to be one step ahead of their opponents”.
Local NGO Unwanted Witness called this secret hacking “a sign of a regime becoming weaker and authoritarian,” demanding explanation. The evidence indicates surveillance was integrated with arrests and intimidation during the post-election upheaval, illustrating how state actors combine cyber and on-the-ground repression.
Togo
(Donot Team malware): Ahead of Togo’s 2020 election, Amnesty documented the first known African use of the Indian “Donot Team” spyware. A prominent Togolese activist (name withheld) discovered he was targeted by the malware between Dec 2019–Jan 2020. This Android spyware, sold by India’s Innefu Labs, gives attackers full control over a phone. Amnesty’s Danna Ingleton cautioned, “Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders”.
The Togolese case also revealed that the same infrastructure was used to phish Catholic clergy in Togo via a Pegasus-linked WhatsApp exploit, and the Pegasus Project had listed hundreds of Togolese numbers (journalists and opposition) as potential targets. Together, these findings paint a picture of Togo’s security forces quietly adopting foreign spyware to stifle dissent.
Other African states
Evidence has emerged of spyware use elsewhere on the continent. Cameroon and Ethiopia have been linked to Pegasus infections. Nigeria, Kenya, Zambia, Botswana and Zimbabwe are known buyers of telecom-intercept tools like Circles.
In Europe, NSO-linked spyware was even implicated in targeting European officials by Moroccan intelligence, and in targeting an African head of state (Ramaphosa). South Africa itself, though generally democratic, was drawn in – its president was listed as a Rwandan target on Pegasus lists. These incidents show a networked environment where African regimes exchange or share surveillance data.
In summary, the pattern is consistent: many African governments, regardless of political system, have procured high-end surveillance tools under claims of counter-terror or policing, only to deploy them against domestic critics. As one digital rights lawyer notes, these operations “can be political witch hunts” masquerading as security. The clandestine nature of spyware makes it hard to trace, but leaked evidence and forensic analyses have exposed enough to demand accountability.
Technical Forensics: How Spies Are Caught
Spyware like Pegasus claims to be “zero-click” and undetectable, yet forensic experts have developed methods to find its traces. In detailed reports, Amnesty’s Security Lab and Citizen Lab describe the telltale markers on phones once used by Pegasus.
For example, on an iPhone, Pegasus leaves behind unusual IndexedDB entries and cached files in Safari, created by the exploit chain. On Android, remnants of malicious APKs or altered system files can surface. Investigators use backups and specialized tools (like Amnesty’s open-source Mobile Verification Toolkit) to parse these logs.
Such forensic work has confirmed numerous infections. In one high-profile case, researchers extracted an iTunes backup from a journalist’s iPhone and found logs linking back to two separate Pegasus infections.
Even though NSO claims no traces remain, investigators have found crash logs, app data and other digital “breadcrumbs” that unequivocally indicate spyware was present. Amnesty’s 2021 forensic methodology report demonstrated this repeatedly, noting artifacts “linking recent Pegasus infections back to the same 2016 payload”.
These findings are crucial: they have turned allegations into evidence. As privacy experts warn, spyware-induced surveillance should not be dismissed as “wild theory.” Human Rights Watch’s Deborah Brown emphasizes that opaque spyware markets cause real harm:
“Disturbing reports about Pegasus again highlight the harm this opaque industry causes when spyware ends up in the hands of governments that abuse it”. Brown and others call for immediate government action – for example, a moratorium on sales and strict export controls – since traditional self-regulation by firms has failed.
Global Context and Comparative Cases
The African spyware saga mirrors a global crisis of unchecked digital spying. Similar stories emerged on other continents: in India in 2023, Amnesty forensics identified Pegasus traces on two investigative journalists’ iPhones, following false news reports. In Bahrain (Middle East), human rights lawyer Mohamed al-Tajer and others were hacked with Pegasus in 2021, leading Amnesty to warn that the spyware “cannot be trusted to regulate themselves” and calling for an “out-of-control spyware industry” crackdown.
In Latin America, Citizen Lab documented dozens of cases: for instance, 35 journalists and activists in El Salvador were confirmed hacked by Pegasus during 2020-21. Human Rights Watch notes that the 50,000-number Pegasus Project leak was concentrated in countries known for human rights violations, making clear that the issue is not limited to any one region.
All these comparative cases underscore that government spyware in Africa is part of a broader phenomenon. States as varied as Israel, Saudi Arabia, Mexico, Hungary and others have seen their leaders, opponents, or critics targeted by these tools. Even in democratic countries controversies have erupted (e.g. spying scandal in Poland, investigations in the EU) as reported by multiple sources.
The common thread is a surveillance industry booming beyond legal boundaries. The UN and digital rights organizations stress that encrypted, confidential communications are vital for democracy and protest; and that pervasive spying chills dissent worldwide.
Action and Oversight
In response to these revelations, there are growing calls for legal and policy solutions. International bodies have begun to take note: a 2020 UN report warned that using sophisticated surveillance tools against protesters and journalists can “lead to human rights violations”. In March 2024, 17 countries plus the European Commission held a summit in Seoul to address precisely this issue.
The resulting “Commercial Spyware Joint Statement” – pictured below – was signed by officials from the US, EU members, South Korea and others, explicitly urging stricter global norms on selling and using spyware.
Human rights advocates urge African governments to follow suit by enacting transparency and legal constraints. Civil society groups recommend: requiring court warrants for any electronic surveillance; mandating reporting of spyware contracts; and building technical safeguards into state technology procurement. Given the documented abuses, experts assert that companies selling such tools must be held accountable.
As Amnesty’s Danna Ingleton puts it, “Surveillance companies must stop putting profit over people and ensure repressive regimes are not using their technology to put a stranglehold on civil society”. Digital rights NGOs insist that victims have a “right to remedy” and that unchecked spyware exports violate international law.
For the public, awareness is key. Journalists and technologists are developing open-source apps to scan phones for infection. As more cases come to light, there is hope that disclosure deters abuse. Some officials (even in Africa) are calling for investigations. But significant gaps remain: no comprehensive global regulation exists yet for these “spyware-for-hire” companies, and many African states lack robust privacy laws.
Conclusion
The evidence is clear: since 2015, spyware has become a tool of political repression in parts of Africa. By turning victims’ own phones into bugs, governments gain near-total visibility into dissidents’ lives. This undermines privacy, free speech and assembly, rights at the core of democracy.
The investigative findings here make a compelling case that African governments must not be allowed to act with impunity. We join human rights groups in calling on national authorities to review all surveillance contracts, disclose any existing spyware use, and legislate strict oversight in line with international standards.
We also urge the international community and tech sector to support transparency: fund forensic research and advocacy, require licensing for such technology exports, and sanction vendors that aid human rights violations. Above all, journalists and civil society in Africa need protection. The vigilance of forensic analysts and reporters has uncovered these abuses; continued attention will help protect potential targets.
If you are a policymaker, advocate or tech leader, your help is needed. Support open investigations into these claims, and ensure your government does not procure or tolerate illicit spyware tools. Only through combined legal, technical, and public pressure can the misuse of spyware be curtailed and the rights of African citizens secured.
We conclude with this urgent call: Africa’s digital freedoms are at stake. Stakeholders from presidents to parliamentarians, from telecom regulators to judges must scrutinize the unregulated spyware trade. Every surveillance scandal that comes to light should lead to accountability.
The companies profiting from selling these tools must face human rights due diligence. Meanwhile, victims of spyware deserve justice and protection. The task ahead is to turn the tide on secret surveillance.
For policymakers and organizations needing expertise in this area: our investigative agency stands ready to assist. We offer comprehensive research, technical audits, and detailed briefings on digital surveillance threats. Consider hiring our team to conduct in-depth risk assessments of spyware use in your country or sector.
Subscribe to our premium research service for regular intelligence on cybersecurity and rights issues. Advertise with us to reach a specialized audience concerned about tech policy. We also welcome experts to join our paid contributor program and share insights. By partnering with us, you support rigorous journalism and help protect societies from covert cyber repression.
Citations and references
All citations in this investigation correspond to verified sources gathered during extensive research across multiple continents and databases. Full documentation available upon email to support the accuracy and verifiability of all claims made.
- Amnesty International (July 2021), “Pegasus Project: Rwandan authorities chose thousands of activists, journalists and politicians to target with spyware”
- Brookings Institution (Nov 19, 2021), Nathaniel Allen & Matthew La Lime, “How digital espionage tools exacerbate authoritarianism across Africa”
- Quartz Africa (Oct 23, 2023), Jacob Kastrenakes, “African governments rely on Israeli surveillance tool Circles to snoop on dissidents”
- Al Jazeera (July 2021), “Israeli spyware firm Candiru was used to hack at least 100 dissidents”
- Human Rights Watch (July 30, 2021), Deborah Brown, “Unchecked Spyware Industry Enables Abuses”
About Our Investigative Services
Seeking to expose corruption, track illicit financial flows, or investigate complex criminal networks? Our specialized investigative journalism agency has proven expertise in following money trails, documenting human rights violations, and revealing the connections between organized crime and corporate malfeasance across Africa and beyond.
Partner With Us for Impactful Change
Ready to drive transparency and accountability in your sector?
Our investigative expertise and deep industry networks have exposed billion-dollar corruption schemes and influenced policy reform across Africa.
Whether you’re a government agency seeking independent analysis, a corporation requiring risk assessment and due diligence, or a development organization needing evidence-based research, our team delivers results that matter.
Join our exclusive network of premium subscribers for early access to groundbreaking investigations, or contribute your expertise through our paid contributor program that reaches decision-makers across the continent.
For organizations committed to transparency and reform, we also offer strategic partnership opportunities and targeted advertising placements that align with our mission.
Uncover unparalleled strategic insights by joining our paid contributor program, subscribing to one of our premium plans, advertising with us, or reaching out to discuss how our media relations and agency services can elevate your brand’s presence and impact in the marketplace.
Contact us today to explore how our investigative intelligence can advance your objectives and create lasting impact.
