Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles.
In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices.
The minister for the presidency, Félix Bolaños, said that the prime minister’s phone was targeted in May and June 2021, while Robles’s was illegally monitored in June 2021.
While Bolaños did not name a culprit, he said that the attack must have been “carried out by non-official bodies and without state authorization,” as in Spain, such monitoring activity requires judicial authorization.
The matter is now being investigated by the Audiencia Nacional, Spain’s highest criminal court.
“These facts have been confirmed and are irrefutable,” added Bolaños. “I don’t think now is the time to engage in supposition or conjecture about what the motivation may have been.”
Israel-based NSO Group, the makers of the spyware, have claimed that Pegasus is only available to state agencies.
Canada’s digital rights group Citizen Lab said at least 65 people connected with the Catalan separatist movement had been targeted by the spyware.
“Ever since Lookout and the Citizen Lab first discovered Pegasus back in 2016, NSO has maintained the stance that the spyware is only sold to a handful of intelligence communities within countries that have been thoroughly vetted for human rights violations,” said Lookout’s senior manager of security solutions, Hank Schless.
“However, the news about Pegasus and NSO Group in recent years shows that this isn’t necessarily the case. Pegasus, as well as its Android counterpart known as Chrysaor, represent a highly dangerous piece of technology that could cause serious damage if it falls in the hands of the wrong people.”
Schless said an adversary armed with Pegasus could listen in on a victim’s conversations and “have a backstage pass” to any messages or data the victim accesses on their device.
In February, the European Union’s data protection watchdog, the EDPS, called for a ban on Pegasus spyware, warning that its use might lead to an “unprecedented level of intrusiveness, able to interfere with the most intimate aspects of our daily lives.”