Pegasus Spyware Detected on Spanish PM, Defense Minister’s Phones

Close up of Spanish Prime Minister Pedro Sanchez Standing behind a podium with Spain and EU flags in the background

Spanish authorities said they have found Pegasus spyware on the phones of Prime Minister Pedro Sanchez and Defense Minister Margarita Robles. Government officials said that they believe the devices were infected last year, with the attack originating from outside the country, though they have not disclosed any suspects.

What is Pegasus Spyware?

Pegasus and its owner, the NSO Group, have faced strong backlash after it was revealed that some of its government clients used the spyware to target activists and political opponents. The NSO Group claims it only sells its spyware to certain agencies of governments around the world, after conducting a vetting process.

Pegasus is particularly dangerous because it is a zero-click exploit, which allows it to infect a target’s device without any indication. Usually, malicious software infects a device after its target clicks on a link or downloads a file. But the Pegasus spyware can enter a device without any action on part of the victim.

Once a device is infected, the spyware operator gains near-total control of the device. The operator can access stored data like images, videos, and messages, and can also turn on the device’s camera and microphone at will. Therefore, a device infected with Pegasus becomes a real-time surveillance instrument for the operator.

Key Catalan Figures Targeted in April

The targets are not just limited to activists and journalists. It was recently revealed that high-ranking EU officials were also targets of the spyware. EU’s data protection supervisor has previously called out the threat that Pegasus poses to the right to privacy. Consequently, it called for a bloc-wide ban on the use of the spyware.

Interestingly, Pegasus was a topic of heated discussion in Spain just last month, as researchers at Citizen Lab found traces of the spyware on the devices of several Catalan political figures and activists. Citizen Lab could not accurately attribute the attack to a particular actor, but it’s strongly suspected that the Spanish government played a role.

The present situation seems to be different from the previous reports of Pegasus misuse. In most cases, the government is accused of using the spyware to target its opponents and silence critics. However, in this scenario, the current Prime Minister of a country is the target — which has led officials to believe the attack originated from abroad.

Authorities ‘Absolutely Certain’ Attack Came from Outside Spain

Spanish authorities have described the targeting of Spain’s prime minister and defense minister as an “illicit and external” intervention.

“It is not a supposition, they are facts of enormous gravity,” minister of the presidency Felix Bolanos said. “We are absolutely certain that it was an external attack … because in Spain, in a democracy like ours, all such interventions are carried out by official bodies and with judicial authorisation.”

Furthermore, Bolanos said that the prime minister’s phone was tapped in May of last year, and Robles’ in June 2021. He did not provide any information on where the attack originated. Speaking on exfiltrated data, he said that “a determined amount of data” was taken from both phones.

“There is no evidence that there was other tapping after those dates,” Bolanos added.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.