Catalonia's regional leader accused the Spanish government on Monday of spying on its citizens after a rights group said his phone and dozens more belonging to Catalan pro-independence figures had been infected with spyware used by sovereign states.
The Citizen Lab digital rights group found more than 60 people linked to the Catalan separatist movement, including several members of the European Parliament, other politicians, lawyers and activists, had been targeted with "Pegasus" spyware made by Israel's NSO Group after a failed independence bid.
NSO said the information about the allegations was false.
"It's an unjustifiable disgrace," Catalan leader Pere Aragones tweeted. "An extremely serious attack on fundamental rights and democracy."
Describing the use of surveillance software as crossing a "red line", he demanded explanations from the Spanish government.
The government declined to comment when contacted by Reuters.
NSO, which markets the software as a law-enforcement tool, said Citizen Lab and Amnesty International, which was not involved in this investigation but has published previous studies about Pegasus, had produced inaccurate and unsubstantiated reports to target the company.
"Information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons," a spokesperson said via email without explaining why this was the case.
Toronto-based Citizen Lab said almost all of the infections took place between 2017 and 2020 in the wake of the independence bid by Catalonia that plunged Spain into its worst political crisis in years.
It said said it could not conclusively attribute the spying operations to a specific entity but said: "Strong circumstantial evidence suggests a nexus with Spanish authorities."
Citizen Lab began its investigation in 2020 after researchers working with Facebook's instant message service WhatsApp warned several Catalan lawmakers, including parliament speaker Roger Torrent, that their phones had been broken into.
At that time, Interior Minister Fernando Marlaska denied the Spanish government or its intelligence services had any involvement.
Newspaper El Pais subsequently reported that Spain's CNI intelligence agency did have access to the software.
Amnesty urged Spain to investigate the use of Pegasus and disclose whether it was a client of NSO.
The European Union's data protection watchdog has called for a ban on Pegasus over allegations it has been abused by client governments to spy on rights activists, journalists and politicians.
Last week Reuters reported that several senior EU officials had been targeted by the software. NSO said in a statement that it was not responsible for the hacking attempts, saying the targeting described by Reuters "could not have happened with NSO's tools".
(Reporting by Nathan Allen, Emma Pinedo and Joan Faus; Editing by Nick Macfie and Alison Williams)