The devices of at least sixty-five pro-independence Catalans were targeted with Pegasus and Candiru spyware. Most of the incidents occurred between 2017 and 2020, amid rising tensions over Catalan separatism and the 2017 Catalan independence referendum. Analysts found evidence on the victims\u2019 devices of \u201czero-click\u201d exploits, which infect phones and computers even without users clicking on malicious links. Reports indicate Spain\u2019s intelligence service had prior court approval to use the spyware to target Catalan separatists.<\/p>\n","protected":false},"excerpt":{"rendered":"
The devices of at least sixty-five pro-independence Catalans were targeted with Pegasus and Candiru spyware. Most of the incidents occurred between 2017 and 2020, amid rising tensions over Catalan separatism and the 2017 Catalan independence referendum. Analysts found evidence on the victims\u2019 devices of \u201czero-click\u201d exploits, which infect phones and computers even without users clicking […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[2],"tags":[],"cyber_operation":[49],"state_sponsor":[155],"victim_category":[32,63],"victim_government_response":[186],"victim":[154],"class_list":["post-10623","post","type-post","status-publish","format-standard","hentry","category-incident","cyber_operation-espionage","state_sponsor-spain","victim_category-civil-society","victim_category-government","victim_government_response-unknown","victim-spain"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/10623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/comments?post=10623"}],"version-history":[{"count":0,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/10623\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/media?parent=10623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/categories?post=10623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/tags?post=10623"},{"taxonomy":"cyber_operation","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/cyber_operation?post=10623"},{"taxonomy":"state_sponsor","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/state_sponsor?post=10623"},{"taxonomy":"victim_category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_category?post=10623"},{"taxonomy":"victim_government_response","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_government_response?post=10623"},{"taxonomy":"victim","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim?post=10623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}