KYIV, Ukraine — The Israeli government rejected requests from Ukraine and Estonia in recent years to purchase and use Pegasus — the powerful spyware tool — to hack Russian mobile phone numbers, according to people with knowledge of the discussions.
Israel feared that selling the cyberweapon to adversaries of Russia would damage Israel’s relationship with the Kremlin, they said.
Both Ukraine and Estonia had hoped to buy Pegasus to gain access to Russian phones, presumably as part of intelligence operations targeting their increasingly menacing neighbor in the years before Russia carried out its invasion of Ukraine.
But Israel’s Ministry of Defense refused to grant licenses to NSO Group, the company that makes Pegasus, to sell to Estonia and Ukraine if the goal of those nations was to use the weapon against Russia. The decisions came after years of Israel providing licenses to foreign governments that used the spyware as a tool of domestic repression.
Pegasus is a so-called zero-click hacking tool, meaning that it can stealthily and remotely extract everything from a target’s mobile phone, including photos, contacts, messages and video recordings, without the user having to click on a phishing link to give Pegasus remote access. It can also turn the mobile phone into a tracking and secret recording device, allowing the phone to spy on its owner.
In the case of Ukraine, the requests for Pegasus go back several years. Since the Russian invasion of Crimea in 2014, the country has increasingly seen itself as a direct target of Russian aggression and espionage. Ukrainian officials have sought Israeli defense equipment to counter the Russian threat, but Israel has imposed a near-total embargo on selling weapons, including Pegasus, to Ukraine.
In the Estonian case, negotiations to purchase Pegasus began in 2018, and Israel at first authorized Estonia to have the system, apparently unaware that Estonia planned to use the system to attack Russian phones. The Estonian government made a large down payment on the $30 million it had pledged for the system.
The following year, however, a senior Russian defense official contacted Israel security agencies to notify them that Russia had learned of Estonia’s plans to use Pegasus against Russia. After a fierce debate among Israeli officials, Israel’s Ministry of Defense blocked Estonia from using the spyware on any Russian mobile numbers worldwide.
Israel’s relationship with Russia has come under close scrutiny since Russia’s invasion of Ukraine began several weeks ago, and Ukrainian officials have publicly called out Israel’s government for offering only limited support to Ukraine’s embattled government and bowing to Russian pressure.
During a virtual speech to the Knesset, Israel’s parliament, on Sunday, President Volodymyr Zelensky of Ukraine criticized Israel for not providing his country with the Iron Dome antimissile system and other defensive weapons, and for not joining other Western nations in imposing strict economic sanctions on Russia.
Invoking the Holocaust, Mr. Zelensky said that Russia’s war was aimed at destroying the Ukrainian people just as the Nazis had wanted destruction for the Jewish people. Mr. Zelensky, who is Jewish, said “mediation can be between states, but not between good and evil.”
The New York Times reported last month that Israeli officials in August rejected a request by a Ukrainian delegation to purchase Pegasus, at a time when Russian troops were massing at the Ukrainian border. On Wednesday morning, The Washington Post and The Guardian, part of a consortium of news organizations called The Pegasus Project, reported that these discussions dated back to 2019, and first reported that Israel had blocked Estonia’s efforts to obtain Pegasus.
A senior Ukrainian official familiar with attempts to acquire the Pegasus system said that Ukrainian intelligence officials were disappointed when Israel declined to allow Ukraine to purchase the system, which could have proved critical for monitoring Russian military programs and assessing the country’s foreign policy goals.
The official said Ukraine’s view was that Israel, in making decisions about licensing Pegasus, gave more weight to a government’s relationship with the Kremlin than its human rights record.
Representatives of the Ukrainian embassy in Washington and the Estonian Ministry of Foreign Affairs declined to comment. In a statement, NSO said the company “can’t refer to alleged clients and won’t refer to hearsay and political innuendo.”
Both Ukraine and Estonia were once part of the Soviet Union, and since then have had to live in the long shadow of Russia’s military. Estonia is a member of NATO.
Russia plays a powerful role throughout the Middle East, particularly in Syria, and Israel is wary of crossing Moscow on critical security issues. In particular, Russia has generally allowed Israel to strike Iranian and Lebanese targets inside Syria — raids the Israeli military sees as essential to stemming the flow of arms that Iran sends to proxy forces stationed close to Israel’s northern border.
Israel’s government has long seen Pegasus as a critical tool for its foreign policy. A New York Times Magazine article this year revealed how, for more than a decade, Israel has made strategic decisions about which countries it allows to obtain licenses for Pegasus, and which countries to withhold them from.
Israel’s government has authorized Pegasus to be purchased by authoritarian governments, including Saudi Arabia and the United Arab Emirates, that have used the weapon to spy on dissidents, human rights activists and journalists in those countries. Democratically elected leaders in India, Hungary, Mexico, Panama and other countries also abused Pegasus to spy on their political opponents.
Israel has used the tool as a bargaining chip in diplomatic negotiations, most notably in the secret talks that led to the so-called Abraham Accords that normalized relations between Israel and several of its historic Arab adversaries.
“Policy decisions regarding export controls, take into account security and strategic considerations, which include adherence to international arrangements,” the Israeli defense ministry said in a statement in response to questions from The Times. “As a matter of policy, the State of Israel approves the export of cyber products exclusively to governmental entities, for lawful use, and only for the purpose of preventing and investigating crime and counter terrorism, under end use/end user declarations provided by the acquiring government.”
Since NSO first sold Pegasus to the government of Mexico more than a decade ago, the spyware has been used by dozens of countries to track criminals, terrorists and drug traffickers. But the abuse of the tool has also been extensive, from Saudi Arabia’s use of Pegasus as part of a brutal crackdown on dissents inside the kingdom, to Prime Minister Viktor Orban of Hungary authorizing his intelligence and law enforcement services to deploy the spyware against his political opponents.
Last November, the Biden administration put NSO and another Israeli cyberfirm on a “blacklist” of firms that are barred from doing business with American companies. The Commerce Department said the companies’ tools “have enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent.”
Ronen Bergman reported from Kyiv, and Mark Mazzetti from Washington.