Explicació gràfica


Key Findings

  • The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
  • At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both.
  • Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases.
  • We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
  • The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
  • We shared a selection of Pegasus cases with Amnesty International’s Tech Lab, which independently validated our forensic methodology.