Catalan politicians on Monday expressed their outrage after a study by Citizen Lab found that at least 63 individuals related to the independence movement in Spain's Catalonia region were targeted with Pegasus spyware.
This is the largest documented cluster of such attacks on record, according to Citizen Lab, a research institution based at the University of Toronto.
Multiple separatist Catalan politicians, including every Catalan president since 2010, have been targeted with the spyware, as have academics, activists and NGOs, according to investigators.
Current Catalan President Pere Aragones, whose phone was confirmed to have been infected with the spyware, slammed the mass espionage as a "serious attack on fundamental rights and democracy and another example of repression against a peaceful civic movement."
Pegasus spyware allows hackers to read text messages, track calls, collect passwords, extract contacts and gather information from apps such as WhatsApp and Gmail.
Citizen Lab is not attributing the massive spying to a particular entity but says "circumstantial evidence suggests a strong nexus with the government of Spain, including the nature of the victims and targets, the timing, and the fact that Spain is reported to be a government client of NSO Group (which makes the spyware)."
The report also suggests that the effort resulted in "the total surveillance of Catalan politicians in certain categories" and that the total number of victims and targets is likely much higher than 63.
Most of the incidents occurred between 2017 and 2020, according to the investigation.
In 2017, the Catalan government held an illegal independence referendum and attempted to break away from Spain.
Afterward, several politicians fled the country and 12 leaders were tried on charges such as sedition. Nine were handed multiple-year prison sentences but were pardoned in 2021.