Spanish Prime Minister Pedro Sanchez's cellphone was infected with Pegasus spyware in 2021, allowing the hackers to extract software and data, the Spanish government said Monday. File Pool Photo by Eduardo Munoz/UPI | License Photo
May 2 (UPI) -- The Spanish government on Monday announced that the cellphones of Prime Minister Pedro Sanchez and Defense Minister Margarita Robles were infected with spyware last year.
Pegasus spying software was used to target Sanchez's phone Felix Bolaños, secretary of state in May and June 2021, while Robles's was targeted in June 2021, Felix Bolaños, secretary of state for the prime minister's office said in a news conference Monday.
Bolaños said that software and data were extracted from both phones, adding that the targeting must have come from a foreign nation as any such monitoring within Spain would have required judicial authorization.
"These facts have been confirmed and are irrefutable," Bolaños said. "I don't think now is the time to engage in supposition or conjecture about what the motivation may have been."
Spain's highest criminal court will investigate the "illicit" and "external" targeting of the phones and devices of other members of the government are being examined to determine if they have also been targeted.
Pegasus spyware was developed and sold by the Israeli firm NSO Group to governments and intelligence agencies, allowing them to track a user's mobile phone.
NSO Group said in a statement it would investigate "any suspicion of misuse" of the software and cooperate with any governmental investigation.
"While we have not seen any information related to this alleged misuses and we are not familiar with the details of this specific case, NSO's firm stance on these issues is that the use of cyber tools in order to monitor politicians, dissidents, activists and journalists is a severe misuse of any technology and goes against the desired use of such critical tools," a representative for the firm said.
Last year, the U.S. Department of Commerce sanctioned NSO Group and three other entities, determining that they engaged in malicious cyberactivity "contrary to the foreign policy and national security interested of the U.S."