CatalanGate: EU citizens hacked by Pegasus and Candiru spyware

catalangate, pegasus spyware
© Timon Schneider

An investigation into CatalanGate found that 65 individuals were targeted by mercenary spyware – with circumstantial evidence linking the attacks to Spanish authorities

The Citizen Lab investigation, done in collaboration with Catalan civil society groups, found that 65 individuals were targeted or infected with spyware. These individuals included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations – victims of spying via a software that infiltrates their personal mobile phones, in a scandal termed “CatalanGate”.

In some cases, family members were also subject to spying.

The majority of people were targeted with Pegasus, while four cases were infected by the lesser known spyware, Candiru. Pegasus spyware – sold by the NSO Group – was used to hack the journalist Jamal Kashoggi. He was murdered in an embassy, in 2018, after being tracked by the UAE Government.

Who was targeted during CatalanGate? And why?

1. Politicians who support Catalan independence

The Catalan politicians who support the push for independence from Spain were specifically targeted by Pegasus spyware. This investigation revealed that three MEPs were directly infected, while two more had staff, family members or close associates targeted.

Diana Riba, an MEP who assumed office in July 2019, was infected on or around October 28, 2019.

Antoni Comín, who also assumed office in July 2019, was infected sometime between August 2019 and January 2020. He had assumed his role as a MEP in July 2019, and is also Vice President of the Council of the Catalan Republic.

2. Catalan civil society organisations

Multiple Catalan civil society organisations that support Catalan political independence were targeted with Pegasus, including Òmnium Cultural and Assemblea Nacional Catalana (ANC). Catalans working in the open-source and digital voting communities were also targeted.

Focusing on one example, the Assemblea Nacional Catalana experienced five board members being targeted – especially at politically relevant times.

University professor Jordi Sànchez ​​was President of ANC, from 2015 to 2017. Interestingly, Sànchez was first seen targeted with a Pegasus text infection attempt in 2015, shortly after a demonstration in Barcelona.

This is the earliest Pegasus infection attempt that Citizen Lab have uncovered, as the bulk of the targeting revealed by this investigation seems to have happened between 2017 and 2020.

For example, on April 20, 2017, he was targeted the day prior to Catalan government meetings with civil society groups to discuss the October referendum. Months later, just as polling stations opened on October 1, 2017, he was targeted with an alarming message saying that a police “offensive” was beginning.

Who is behind CatalanGate?

So far, circumstantial evidence points to Spanish authorities, who have not publicly disclosed if they purchases the spyware software or not. The Spanish Government have historically pushed against the prospect of independence for the region.

In October 2020, Amnesty International asked the Spanish Government to release information on contracts with private digital surveillance companies. The international organisation for human rights also approached the Ministry of Defence in Spain, requesting specific information on Pegasus.

The Government said that both answers were classified. The NSO Group sells Pegasus on the premise of interrupting terrorist activities, but Governments appear to use them on citizens, journalists, lawyers, activists and opponents to existing political ideology.

Likhita Banerji, Amnesty International’s Technology and Human Rights Researcher, said: “The Spanish government needs to come clean over whether or not it is a customer of NSO Group. It must also conduct a thorough, independent investigation into the use of Pegasus spyware against the Catalans identified in this investigation.

“We urge the European Parliament Committee of Inquiry to leave no stone unturned when documenting the human rights violations enabled by unlawful spyware, including by investigating these new revelations.”


Please enter your comment!
Please enter your name here