Spyware attack targeted Spanish prime minister’s phone

Mobile phones used by Spain’s Prime Minister Pedro Sanchez and Defense Minister Margarita Robles were infected with Pegasus spyware, a well-known surveillance tool made by Israel’s NSO Group, government officials said in a press conference on Monday.

Félix Bolaños, the minister for the presidency, confirmed that the spyware infiltrated the prime minister’s phone in May 2021 while the defense minister’s phone was targeted in June 2021. Data was successfully extracted from the phones in a breach that Bolaños called “illegal and external” and “alien”, as there was no prior governmental authorization. 

A spokesperson for NSO Group told The Record that the company is “not familiar with the details of this specific case,” but that using cyber tools to monitor politicians would be a “severe misuse” of the technology.

“We have committed before that we will investigate any suspicion of misuse, and will cooperate and assist with any governmental investigation of these issues,” the spokesperson said. “NSO is a software provider, the company does not operate the technology nor is privy to the collected data. The company does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorized uses.”

Pegasus spyware vigorously surveils the phone of intended targets by gaining access to calls, messages, media, emails, microphones, and cameras. NSO Group, which has been sued by tech giants and effectively blacklisted by the Biden administration, advertises the software as a means for governments to monitor criminal activity and terrorism, but has been criticized for its links to human rights violations. 

NSO Group’s spyware has been flagged by various governments and human rights organizations over the years largely due to its ties in targeting dissidents, journalists, activists, and government officials. The U.S. Department of Commerce added NSO Group to their entity list for malicious cyber activities in November 2021. “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” the department’s Bureau of Industry and Security said.

In March, the European Parliament created a new committee to investigate the use of Pegasus spyware in various breaches conducted by an array of countries including Poland and Hungary, while also focusing on reviewing surveillance law.

Prior to the recent attack, Citizen Lab published research last month displaying 65 instances of spyware used to target European Parliament officials and Catalan Presidents, legislators, jurists, and members of civil society organizations — 63 of them used Pegasus spyware. Catalonia is an autonomous community of Spain. Catalan president Pere Aragonès, whose phone was among those infected with the spyware,  addressed the previous espionage in a tweet.

Officials are still investigating whether or not the phones of other government employees have been infected in the recent hack. According to Bolaños, the national court will be handling the investigation.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Emma Vail

Emma Vail is an editorial intern for The Record. She is currently studying anthropology and women, gender, and sexuality at Northeastern University. After creating her own blog in 2018, she decided to pursue journalism and further her experience by joining the team.