Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Spain Says Top Government Officials Hit by Pegasus Spyware

Cybersecurity Agency Finds Spyware on Devices of Prime Minister, Defense Minister
Spain Says Top Government Officials Hit by Pegasus Spyware
Spanish Prime Minister Pedro Sánchez Pérez-Castejón (Photo: Spanish government via Flickr/CC)

Smartphones used by Spain's prime minister and defense minister were infected with Pegasus spyware, government officials allege.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

Pegasus spyware is built by Israel's NSO Group, which says it only provides the surveillance software to approved law enforcement and intelligence agencies that agree to only use it for allowed purposes. But the company has faced mounting criticism that authoritarian governments regularly use its tools to spy on journalists, human rights advocates and dissidents.

On Monday, Spain's Minister of the Presidency, Félix Bolaños, said that the cyberespionage tools had been used to infect smartphones used by Prime Minister Pedro Sánchez Pérez-Castejón and Defense Minister Margarita Robles.

In a press conference, he said that the country's cybersecurity agency, CCN, verified that a smartphone used by Sánchez was targeted with Pegasus spyware in May and June 2021, while Robles' smartphone was targeted in June 2021, and data was exfiltrated from both devices, Spanish news agency Agencia EFE reported.

"These facts have been confirmed and are irrefutable," he said at the press conference, the Guardian reported. "I don't think now is the time to engage in supposition or conjecture about what the motivation may have been."

Probe Launched

Bolaños said Spain's highest criminal court, the Audiencia Nacional in Madrid, will be probing the "illicit and external" surveillance.

When government ministers take office in Spain, they are issued smartphones by the country's National Intelligence Center, or CNI. The devices contain numerous security features, including better device encryption, EFE reports. But state sources told the news agency that while CNI recommends government ministers "exclusively" use the more secure smartphones, some continue to also use their personal devices.

Government officials say CNI is studying additional devices used by top-level officials for signs of Pegasus infections.

NSO Group's Response

NSO Group says using its commercial spyware in this manner would violate its terms of service. "While we have not seen any information related to this alleged misuse and we are not familiar with the details of this specific case, NSO's firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools," an NSO Group spokesperson tells Information Security Media Group.

"We have committed before that we will investigate any suspicion of misuse, and will cooperate and assist with any governmental investigation of these issues," the spokesperson adds. "NSO is a software provider; the company does not operate the technology nor is privy to the collected data. The company does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorized uses."

But NSO Group has continued to face numerous allegations that many governments have been using the software for unauthorized uses too.

UK Government, Catalonians Allegedly Targeted

Last month, Citizen Lab, a research group based at the University of Toronto that investigates human rights abuses perpetrated using technology, said that it had sent "multiple" alerts to the British government in 2020 and 2021, warning that devices connecting to official U.K. government networks appeared to be infected with Pegasus.

Citizen Lab also warned last month that Pegasus had been used to target devices used by at least 63 individuals in Catalonia, the autonomous region of northeastern Spain, largely from 2017 to 2020. At least 51 of the targeted individuals' devices had successfully been infected with the Pegasus surveillance malware, and at least one person had been infected using a competing product from the Israeli firm Candiru, Citizen Lab says in a report.

"The hacking covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organizations," Citizen Lab reports. "Catalonia's government and elected officials were also extensively targeted, from the highest levels of Catalan government to members of the European Parliament, legislators, and their staff and family members."

Citizen Lab said that while it had no smoking gun as to who had paid for Pegasus and used it to target Catalonians, "extensive circumstantial evidence points to the Spanish government."

Israel Probes Pegasus Use Against Israelis

The Israeli government has historically backed NSO Group. But in February, revelations that the software had been used by Israeli police to track not only journalists but also the son of a former prime minister sparked outrage by lawmakers. In response, the Israeli government launched an investigation into the use of such software against Israeli citizens.

In February, Israel's justice ministry released initial findings from the probe, reporting that the software had been used to conduct surveillance on three unnamed Israeli individuals - but only after police received a court order to do so, the BBC reported.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.