From Stuxnet to Pegasus: Israel's Cyber Weapons and the Surveillance Industry It Built

The Weapon That Changed Warfare

In 2010, cybersecurity researchers identified a piece of malware unlike anything the world had seen. It did not steal credit card numbers or harvest passwords. It destroyed physical infrastructure. The worm, later named Stuxnet, had been designed to infiltrate Iran's Natanz uranium enrichment facility and sabotage the centrifuges spinning there.^[7] It was the first known cyberweapon deployed as an act of sabotage, and it was built by two nations: the United States and Israel.^[1]

The operation, codenamed "Olympic Games," was initiated in 2006 under the Bush administration and accelerated under President Obama.^[1] On the Israeli side, the technical talent came from Unit 8200, the Israel Defense Forces' elite signals intelligence division.^[6] The target was specific: Siemens Step 7 industrial software controlling the IR-1 centrifuges at Natanz. Stuxnet caused those centrifuges to spin at wildly incorrect speeds while feeding operators display readings that showed everything was normal.^[7] Roughly 1,000 centrifuges were destroyed, approximately 10 percent of Iran's total capacity at the time, setting Tehran's nuclear program back by at least two years.^[7]

Stuxnet was publicly discovered on June 17, 2010. Two years later, on June 1, 2012, David Sanger of The New York Times published a detailed account revealing the joint American and Israeli origins of the operation.^[1] The revelation confirmed what many in the intelligence community already suspected: Israel had become one of the most capable cyber powers on the planet.

Stuxnet destroyed roughly 1,000 centrifuges at Natanz, setting Iran's nuclear program back by at least two years. It remains the first known cyberweapon deployed as an act of sabotage.

From Sabotage to Surveillance

If Stuxnet demonstrated Israel's capacity to build offensive cyber tools for geopolitical ends, the next decade revealed something arguably more consequential: the country's willingness to export that capability.

NSO Group, an Israeli cyber-arms company founded in 2010, developed Pegasus, a spyware tool that can be covertly installed on mobile phones using "zero-click" exploits; no action required by the target.^[2] Once installed, Pegasus can access messages, emails, and photos. It can record calls, activate the camera, and turn on the microphone.^[3] The tool was marketed to governments as a counterterrorism and law enforcement solution. Its actual use proved far broader.

In July 2021, the Pegasus Project brought the scale of that use into public view. Coordinated by the Paris-based nonprofit Forbidden Stories and supported by Amnesty International's Security Lab, the investigation brought together more than 80 journalists from 17 media organizations across 10 countries.^[4] At its center was a leaked list of more than 50,000 phone numbers selected as potential surveillance targets by NSO Group's government clients.^[2]

The numbers belonged to 14 heads of state, including French President Emmanuel Macron and Pakistani Prime Minister Imran Khan.^[3] Six hundred government officials from 34 countries appeared on the list, along with 180 journalists.^[2] The findings were not speculative. Amnesty International's forensic analyses confirmed Pegasus infections on dozens of the devices examined.^[2]

The leaked list contained more than 50,000 phone numbers. Among them: 14 heads of state, 600 government officials, and 180 journalists.

The Khashoggi Connection

One finding from the Pegasus Project stood apart. The investigation revealed that the United Arab Emirates had deployed Pegasus on the phone of Hanan Elatr, the wife of Washington Post columnist Jamal Khashoggi, months before his murder on October 2, 2018.^[3] Khashoggi was killed and dismembered inside the Saudi consulate in Istanbul by a team of Saudi operatives. The surveillance of his wife's phone raised immediate questions about whether Pegasus had played a role in tracking Khashoggi's movements and communications in the period leading up to his assassination.

NSO Group denied involvement. The company has consistently maintained that it does not operate the technology itself; it merely licenses it to sovereign governments.^[2] That distinction has done little to satisfy critics, regulators, or courts.

On November 3, 2021, the U.S. Commerce Department placed NSO Group on its Entity List, effectively blacklisting the company from receiving American technology.^[5] The designation stated that NSO's tools had been "used by foreign governments to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."^[5]

Then came the courtroom. On May 7, 2025, Meta won its long-running lawsuit against NSO Group over the exploitation of a WhatsApp vulnerability. The jury awarded $167.3 million in punitive damages.^[3] It was the first time a spyware firm had been held financially accountable in a U.S. court for deploying its product against a major technology platform.

The Unit 8200 Pipeline

NSO Group did not emerge in isolation. It is one node in a sprawling ecosystem of Israeli surveillance firms, many of them founded by alumni of Unit 8200.^[6] The unit functions as Israel's equivalent of the NSA's signals intelligence operations, and its veterans carry both technical expertise and security clearances into the private sector.

The pipeline has produced a roster of companies that reads like a catalog of the global surveillance industry: Candiru, which sells spyware to governments; Cellebrite, whose phone-cracking tools are used by law enforcement agencies worldwide; Cytrox (now part of the Intellexa alliance), which developed the Predator spyware; Verint/Cognyte, Circles, Cyberbit, QuaDream, and Black Cube.^[6] Each occupies a distinct niche. Collectively, they represent a concentration of surveillance technology exports with few parallels anywhere in the world.

Unit 8200 alumni have founded a roster of surveillance firms that reads like a catalog of the global cyber-arms industry: Candiru, Cellebrite, Cytrox, Verint, Circles, QuaDream, and Black Cube.

Israel's Ministry of Defense oversees export licenses for these technologies, treating them as a form of diplomatic leverage.^[6] Access to Israeli surveillance tools has been offered to foreign governments as part of broader diplomatic negotiations, effectively turning spyware into a strategic asset. The Abraham Accords era saw several Gulf states deepen their relationships with Israeli cyber firms, a development that preceded and, in some cases, facilitated their formal diplomatic normalization with Israel.

What the Record Shows

The trajectory from Stuxnet to Pegasus is not a conspiracy. It is a documented sequence of events, confirmed by investigative journalism, court proceedings, U.S. government designations, and forensic technical analysis. Israel built the world's first cyberweapon alongside the United States, then cultivated a private sector that sells surveillance tools to governments with documented records of human rights abuse. The tools have been found on the phones of reporters, dissidents, opposition politicians, and heads of state. The legal and regulatory consequences are only beginning to materialize, but the technological infrastructure is already global, already deployed, and already in use.