NSO's Pegasus spyware found on phones of Spanish PM, DM

The claim comes just weeks after reports that spyware from two Israeli companies was used against Catalonians.

 AN AERIAL view shows the logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert. (photo credit: AMIR COHEN/REUTERS)

The phones of Spanish Prime Minister Pedro Sánchez and Defense Minister Margarita Robles were infected with the Israeli NSO Group’s Pegasus spyware without the approval of the Spanish government, the country’s Minister of the Presidency Félix Bolaños announced on Monday.

Bolaños stated during an impromptu press conference on Monday morning that the phones were infiltrated last year, with Sánchez’s phone targeted in May and Robles’ phone targeted in June.

The minister called the attack “external” and “illicit,” saying that it was not carried out by state agencies. “In a full democracy like ours, only official bodies are empowered to make interventions and always with judicial authorization,” said Bolaños, according to Spanish media.

The phones of other members of the government are being checked as well to determine if they were also infected.

The Spanish government has presented a complaint on the issue to the country’s National Court. No suspect had been named by Spanish authorities as of Monday morning.

 People hold up Estelada flags (Catalan separatist flag) during Catalonia's national day, 'La Diada', in Barcelona, Spain, September 11, 2021. The banner reads ''freedom''. (credit: ALBERT GEA/ REUTERS)

The claim by the Spanish government comes just two weeks after a report by Citizen Lab found that at least 65 individuals from the European Parliament and Catalonia were targeted or infected by spyware, including Pegasus and spyware from Candiru, another spyware company.

Both NSO Group and Candiru claim that their products are intended to fight crime and terrorism and are sold exclusively to governments.

Candiru is also based in Israel, and a report by Microsoft in July 2021 found that the company’s spyware was likely used to target over 100 victims in the Palestinian Authority, Israel, Iran, Lebanon, Yemen, Catalonia, the United Kingdom, Turkey, Armenia, and Singapore. Targets included politicians, human rights activists, journalists, academics, embassy workers and political dissidents.

The victims of the spyware campaign identified by Citizen Lab also include members of the European Parliament, the Catalan president, legislators, jurists and members of civil society organizations, including academics and activists. Family members of these victims were targeted as well in some cases.

The forensic tools used by Citizen Lab are much more developed for iOS devices, and Spain largely uses Android devices, so the lab believes that its report “heavily undercounts” the number of individuals likely targeted and infected with Pegasus.

While Citizen Lab said that it was not conclusively attributing the campaign to a specific entity, it added that there was “strong circumstantial evidence” that “suggests a nexus with Spanish authorities.”

Amnesty International’s Tech Lab independently validated Citizen Lab’s forensic methodology.

Most of the Pegasus infections took place between 2017 and 2020. Every Catalan member of the European Parliament who supported independence for Catalonia was targeted either directly with Pegasus or through targeting of staff, family members or close associates.

Spanish government officials have said that they would investigate the reports of spyware being used against Catalan leaders.