The mobile phone of a UN-backed investigator who was examining possible war crimes in Yemen was targeted with spyware made by Israel’s NSO Group, a new forensic analysis of the device has revealed.

Kamel Jendoubi, a Tunisian who served as the chairman of the now defunct Group of Eminent Experts in Yemen (GEE)– a panel mandated by the UN to investigate possible war crimes – was targeted in August 2019, according to an analysis of his mobile phone by experts at Amnesty International and the Citizen Lab at the University of Toronto.

The targeting is claimed to have occurred just weeks before Jendoubi and his panel of experts released a damning report which concluded that the Saudi-led coalition in the Yemen war had committed “serious violations of international humanitarian law” that could lead to “criminal responsibility for war crimes”.

Jendoubi’s mobile number also appears on a leaked database at the heart of the Pegasus Project, an investigation into NSO by the Guardian and other media outlets, which was coordinated by Forbidden Stories, the French non-profit media group.

The leaked list contained numbers of individuals who were believed to have been selected as potential surveillance targets by NSO’s government clients.

The data suggests that Jendoubi was selected as a potential surveillance target by Saudi Arabia, which was a longtime client of NSO before it was dropped earlier this year after allegations that it abused the surveillance tool.

In a statement in response to questions about Jendoubi’s case, an NSO spokesperson said: “Based on the details you have provided us we can confirm that Kamel Jendoubi was not targeted by any of our current customers”.

Jendoubi, a human rights defender and opponent of former president Ben Ali’s regime in Tunisia, was appointed by the Office of the UN high commissioner for Human Rights to lead a group of international experts to investigate human rights violations in 2017.

The UN mandate to investigate the possible war crimes came to an abrupt halt this October, after the members of the Human Rights Council voted to end the investigation.

Citing political and diplomatic experts with close knowledge of the matter, the Guardian reported earlier this month that Saudi Arabia used “incentives and threats” as part of a lobbying campaign to shut down the UN investigation.

Jendoubi told the Pegasus Project that the targeting of his phone marked the actions of a “rogue state”.

“There are no other words. As international investigators, we are supposed to be at least protected. But I am not at all surprised. I’ve been apprehensive about this since 2019,” he said.

“We knew that we [the panel] could be potentially targeted since the publication of our 2018 report. That report had created a shock in Saudi Arabia and the UAE. They did not expect such findings.”

Jendoubi added: “They used all their propaganda, their media … to defame us and discredit our work. Everything you would expect from them. Until the 2021 vote that ended our mission.”

The investigator said he did not believe that his work had been compromised on the targeted phone because he had used another device to conduct his investigations. He said the targeting of his phone was indicative of a state that did not care about “commitments and minimum international rules”.

Melissa Parke, an expert investigator on the GEE and former Australian MP, said in response to the news of Jendoubi’s targeting: “If only this extraordinary technology and energy could be applied for the benefit of the people of Yemen, instead of the reverse. The calls for accountability for crimes committed in Yemen will only increase in the wake of these revelations.”

The Pegasus Project approached Jendoubi after it was confirmed that his mobile number was listed in the leaked database.

Experts at Amnesty International’s Security Lab and Citizen Lab, who research sophisticated digital surveillance attacks, found traces of Pegasus on Jendoubi’s mobile phone, which also correlated to a timestamp in the database that indicated when the number was selected.

The experts said the forensic analysis showed that a client of NSO had attempted to hack the device.

There was no clear evidence that the mobile had successfully been hacked or data exfiltrated, however, because that data could not be retrieved.

If a phone is infected with NSO’s signature spyware, called Pegasus, operators of the spyware have total access, including the ability to intercept phone calls, read text messages, infiltrate encrypted apps and track an individual’s physical location. The spyware can also turn a mobile into a listening device by remotely controlling the mobile’s recorder.