Spanish PM and Defense Minister’s Phones Infected With Pegasus: Spain Gov

essidsolutions

A couple of weeks after Citizen Lab revealed that the Pegasus spyware was leveraged to spy on Catalan independence leaders and the UK Prime Minister’s Office, the Spanish government said its prime minister and defense minister were also victimized by unknown actors using the spyware developed by the NSO Group.

The Spanish government has confirmed that the prime minister and defense minister were targeted using Pegasus in 2021. Besides two of the most high-profile positions in the country, Pegasus, which roused a global controversy, not to mention multiple conspiracy theories last year, also infected 200 other mobile numbers registered in Spain.

The government minister for the presidency, Félix Bolaños, confirmed that PM Pedro Sanchez and defense minister Margarita Robles were targeted between May and June 2021 but refrained from revealing who targeted them or if the government even knew who was behind the spyware operations.

Bolaños said at the emergency press conference, “These facts have been confirmed and are irrefutable. I don’t think now is the time to engage in supposition or conjecture about what the motivation may have been.”

Pegasus is military-grade spyware used for spying on iOS and Android device users. Israeli cyber company NSO Group sells the Pegasus spyware to foreign governments to let them eavesdrop on device data (including messages and other forms of communication) of terrorists, dissidents, and other kinds of criminals.

NSO Group has previously denied making Pegasus available to anyone besides state organizations such as the military, intelligence agencies, and law enforcement in countries with a good human rights track record.

This is why questions were raised against the Spanish government on whether they spied upon members of the Catalan independence movement. Last month, Citizen Lab at the University of Toronto, the same research group that discovered the vulnerability leveraged by Pegasus, confirmed that 65 Catalan individuals were targeted. These include members of the European parliament, Catalan presidents, legislators, jurists, and members of civil society organizations.

Consequently, the Catalan regional government called for an investigation of Spain’s National Intelligence Center (CNI). Citizen Lab said in April, “The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.”

But the Spanish government’s announcement that its highest echelons of power are victims themselves has surprised many. Bolaños clarified that the CNI doesn’t carry out espionage operations without authorization from the judiciary and that they hadn’t received any judicial authorization.

“We have no doubt that this is an illicit, unauthorized intervention. It comes from outside state organisms and it didn’t have judicial authorization,” Bolaños added.

But the timeframe of the breaches does coincide with geopolitical turbulence with neighboring Morocco. In May 2021, over 8,000 migrants from Morocco entered Ceuta, a North African enclave of Spain. At the time, Morocco, which wasn’t too happy about Spain offering COVID-19 treatment to a Western Sahara independence leader, denied encouraging the migrants.

Around the same time, the Spanish government was also negotiating the release of almost a dozen Catalan independence leaders jailed in 2017 over their attempt to have Catalonia secede from Spain.

All political espionage is extremely serious. We have been denouncing it for days without getting explanations from the Spanish government. When the mass espionage is against Catalan institutions and the independence movement, silence and excuses. Today, everything is haste. Responsibility must be taken now.

— Pere Aragonès i Garcia 🎗 (@perearagones) May 2, 2022

Richard Melick, the director of threat reporting at mobile security company Zimperium, told Toolbox, “It is no surprise that Pegasus was used in unauthorized digital attacks against mobile devices. It’s bought and sold on the black and open markets, so there’s no way to control who the customers or targets are. This is just another example of digital weaponry falling into the wrong hands and used beyond the intentions of the maker.”

On Monday, the NSO Group stated, “While we have not seen any information related to this alleged misuse and we are not familiar with the details of this specific case, NSO’s firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists, and journalists is a severe misuse of any technology and goes against the desired use of such critical tools.”

Further investigation will be carried out by Audiencia Nacional, the highest criminal court in Spain.

Melick added, “Whether the perpetrator of this specific attack bought the software via the NSO Group or a third-party does not change the impact that it has had on the mobile security space. Organizations that are not protecting all employee mobile devices with the same degree and efficacy that they do their traditional devices are leaving their data and users vulnerable to Pegasus and other styles of advanced spyware attack.”

The U.S. government blacklisted the NSO Group and Candiru, another Israeli company whose spyware product was also used against Catalan members.

The cyber mercenary ecosystem is broader than it appears. Meta identified 50,000 users from 100 countries who were spied upon in 2021 and said that the NSO Group is “only one piece of a much broader global cyber mercenary ecosystem.”
