Spanish Prime Minister, Defense Minister Hacked Using Israel's Pegasus Spyware in 2021, Officials Say

Spanish officials said Monday that the cellphones of the prime minister and the defense minister were infected last year with Pegasus spyware that is only available to government agencies in an operation that wasn’t authorized by the government.

Prime Minister Pedro Sánchez’s mobile phone was breached twice in May 2021, and Defense Minister Margarita Robles’ device was targeted once the following month, Presidency Minister Félix Bolaños said in a hastily convened news conference.

He said the breaches resulted in a significant amount of data being obtained, and that reports detailing the breaches have been transferred to Spain’s National Court for further investigation.

“We have no doubt that this is an illicit, unauthorized intervention,” Bolaños said. “It comes from outside state organisms and it didn’t have judicial authorization.”

The hacks of the Spanish leadership took place just as Madrid was in the midst of a diplomatic crisis with Morocco over the former's coronavirus policies and the latter's decision to allow migrants to enter the Spanish enclave of Ceuta. Reports have said in the past the Morocco was a client of NSO, a claim the kingdom has denied.

Israel's NSO Group, the cyber offensive firm which developed Pegasus, said it was unfamiliar with the details of the specific case and, as a software provider, cannot know who the targets of its customers are.

• Why Every Democracy Should Fear Israeli Spyware
• ‘Democracies Don't Spy on Citizens’: Catalan Leader Infected With Pegasus Speaks Out
• NSO File: A Complete List of Individuals Targeted With Pegasus Spyware

Spain’s government is under pressure to explain why the cellphones of dozens of people connected to the separatist movement in the northeastern Catalonia region were infected with Pegasus between 2017 and 2020, according to cybersecurity experts’ group Citizen Lab.

Sánchez is the most senior official to have been confirmed to be infected with the spyware. During the Project Pegasus global investigation over the summer, other instances of world leaders being selected for possible snooping by NSO's clients were reported, including the leaders of France, Pakistan and Morocco. A number of former prime ministers were also on the list of possible victims, including France's Édouard Philippe and Lebanon's Saad Hariri. However, no confirmations were ever made.

Last week, The New Yorker reported that dozens of leaders from the separatist Catalan movement were hacked using the spyware. The report, based on analysis by Citizen Lab, said it was likely the Spanish government or intelligence services that were behind the hack. It is unclear who infected the Spanish officials.

NSO Group said in response to the incident that it's "firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools”

“We have committed before that we will investigate any suspicion of misuse, and will cooperate and assist with any governmental investigation of these issues.”