Catalonia’s efforts to secede from Spain have long been a thorn in the side of Spanish governments.

NSO’s Pegasus has been used around the world to break into the phones and computers of human rights activists, journalists and even members of the Catholic clergy. The company was subject to export limits by the US federal government, which accused NSO of carrying out “transnational repression”. NSO has also been taken to court by major tech companies.

Citizens Lab said its investigations into Spain’s use of Pegasus and spyware developed by Candiru — another Israeli company founded by former NSO employees — began in mid-2020 after a handful came to light. of cases also targeting prominent Catalan pro-independence figures.

The group said it could not find conclusive evidence to attribute the hack to a specific entity.

“However, a series of circumstantial evidence points to a close connection to one or more entities within the Spanish government,” Citizens Lab said on its website.

Spain’s Interior Ministry said that no ministerial department, national police or Civil Guard law enforcement agencies “have ever had a relationship with the ONS and therefore have never contracted any of his service”.

The ministry’s statement said that in Spain, “any communication intervention is carried out under judicial order and in full respect of legality.”

Pegasus infiltrates phones to suck up personal and location data and surreptitiously controls smartphone microphones and cameras. Researchers found several examples of NSO Group tools using so-called zero-click exploits that infect targeted mobile phones without any user interaction.

Citizens Lab said signs of a previously unidentified zero-click exploit were found in Catalans’ infected devices running an older operating system in late 2019 and early 2020.

Among those targeted were at least three EU lawmakers representing Catalan separatist parties, members of two prominent pro-independence civil society groups, their lawyers and elected officials at various levels, including three former regional presidents, including Quim Torra as he was on duty.

Current Catalan President Pere Aragonès, whose phone was also infected according to Citizens Lab while he was deputy for Torra in the 2018-2020 administration, said that “the massive espionage operation against Catalan independence is an unjustifiable disgrace, an attack on fundamental rights”. and democracy.”

Aragonès said in a series of tweets that because the software can only be acquired by state entities, the Spanish government must provide an explanation.

“No excuse is valid,” he wrote. “Spying on citizen representatives, lawyers or civil rights activists is a red line.”

Spain’s Defense Ministry, which oversees the country’s armed forces and intelligence services, and the prime minister’s office did not immediately respond to questions from The Associated Press.