Spain implicated in Pegasus spyware attack on Catalan politicians
What you need to know
- A new report says a multitude of Catalonian figures were targeted by Pegasus spyware
- At least 65 individuals were targeted, including members of the European Parliament, Catalan Presidents, and more.
- The Citizen Lab says it has also identified a previously undisclosed iOS zero-click vulnerability.
A new report from The Citizen Lab reveals that at least 65 individuals connected to Catalonia were targeted by Pegasus spyware, identifying on the way a previously-undisclosed iOS zero-click vulnerability.
Citizen Lab says it has uncovered hacking that "covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organizations (NGOs)" as well as government and elected officials including Catalan presidents, members of the European Parliament, legislators, staff, and even their families. The report says that "extensive circumstantial evidence points to the Spanish government as the source of the hacking.
The report notes the tumultuous relationship between Catalonia and the rest of Spain, notably a continued desire from some parts of the region to gain full independence from the country. The report notes that the Spanish government has been confirmed as a customer of NSO Group, maker of the controversial Pegasus tool that was unearthed last year as a major weapon of surveillance.
The report says that at least 63 individuals were targeted between 2017 and 2020, with 51 individuals successfully infected. However, this number is likely skewed somewhat:
Noting several high-profile targets, the report says that some individuals were targeted using zero-click iMessage exploits, including a new previously unidentified exploit:
This exploit was not used on any iOS version after 13.1.3, meaning iOS 14 and iOS 15 users are not at any risk. The Citizen Lab has also reported its findings to Apple.
Others were targeted using a zero-click exploit called KISMET as recently as December 2020, while others still were attacked through a widespread 2019 WhatsApp attack. Still, others were targeted using SMS-based attacks. The report concludes:
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
The Citizen Lab says that the seriousness of the case calls for an official inquiry to determine the responsible party, how the hacking was authorized, and more. It also notes that the suspected number of victims and targets is much higher than the initial report indicates. The report also warns that the case is notable "because of the unrestrained nature of the hacking activities" in targeting elected officials including "every Catalan member of the European Parliament that supported independence."
The Citizen Lab notes the case is also notable because Spain a democracy, and adds to "the growing number of other democracies we have discovered that have abused mercenary spyware".
You can read the full report here.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9