[1] The scandal was unleashed by the publication of an article[2] in the New Yorker magazine, quoting studies by the University of Toronto's Citizen Lab, in which they examined the use of Pegasus spyware by different countries (Pegasus is only sold to governments who, according to Israel's own government, follow rule of law), and alleged to have found evidence of its deployment and use by Spain's National Intelligence Centre (CNI), to track phones owned by several Catalan politicians and other officials, and their entourage, including at times family members.
[7][8] In April 2019, Citizen Lab worked on a case involving Pegasus infections that exploited a WhatsApp security bug that enabled infiltration of at least 1,400 terminals.
[11][12] MEP Jordi Solé started an investigation in June 2020, when he suspected that he was a victim of cell phone spying and contacted the security researcher Elies Campo, a former WhatsApp employee and collaborator of Citizen Lab.
[17] The surveilled people included past and serving elected officials and regional authorities belonging to parties involved in the 2017 Catalan Independence referendum.
[6] Pegasus A peculiarity of this case for Citizen Lab was the discovery of a new iOS zero-click vulnerability, which they called HOMAGE, that had not previously been seen used by NSO Group, and which was effective against some versions prior to 13.2.
[20] On April 19 (one day after the initial publication of the revelations), Carles Puigdemont and Oriol Junqueras appeared in the European Parliament to denounce the spying perpetrated upon the pro-independence leaders, an intervention that was joined by the Popular Unity Candidacy, the Catalan National Assembly, and Òmnium Cultural.
John-Scott Railton, from Citizen Lab, also took part, detailing "circumstantial evidence": that agencies linked to the structure of the Spanish State would have used Pegasus and Candiru to infiltrate the cell phones of the victims for political purposes.
[21] The previous March, the European Parliament had approved the creation of a committee of inquiry called Committee to investigate the use of Pegasus surveillance spyware on the alleged use of Pegasus surveillance spyware against journalists, politicians, security agents, diplomats, lawyers, businessmen, civil society actors and other citizens in, among other countries, Hungary and Poland, and whether such use had infringed European Union law and fundamental rights.