Official networks in the United Kingdom, including a device linked to 10 Downing Street, the Prime Minister’s office, were infected with NSO group's Pegasus spyware in 2020 and 2021, a tech watchdog suspects.
Foreign Commonwealth and Development Office (FCDO), which has personnel in many countries, was also infected with the spyware, according to The Citizen Lab, a Canada-based tech research facility.
UK Prime Minister Boris Johnson will visit India for two days, starting 21 April.
While the 10 Downing Street infection was associated with a Pegasus operator linked only to the UAE, the FCDO infections were associated with operators linked to India, UAE, Cyprus, and Jordan.
Separately, a UK government official confirmed to The New Yorker that a network at 10 Downing Street was compromised, without specifying what kind of spyware was used.
Pegasus Used in Catalonia
The Citizen Lab also identified over 60 people linked to the separatist movement in Catalonia who were targeted using spyware between 2017 and 2020.
"The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities," it said.
Catalonia is an autonomous region in Spain which has seen increasing support for independence. Following a disputed referendum in 2017, Spain removed the local government and imprisoned several leaders.
63 people were targeted with Pegasus, and four others with Candiru, the lab found. Victims included of the European Parliament members, Catalan Presidents, legislators, jurists, and civil society organisation members.
The NSO group has denied these allegations, according to Reuters.
Catalonia's regional leader Pere Aragones, however, accused the Spanish government of spying on its citizens, calling it a "very serious attack on democracy and fundamental rights."
UK Govt Notified to 'Reduce Harm'
Ron Deibert, Director of the Citizen Lab and Professor of Political Science at the University of Toronto, said that the lab notified the UK government through official channels, believing that its "actions can reduce harm."
"The United Kingdom is currently in the midst of several ongoing legislative and judicial efforts relating to regulatory questions surrounding cyber policy, as well as redress for spyware victims."Ron Deibert, Director of the Citizen Lab
"We believe that it is critically important that such efforts are allowed to unfold free from the undue influence of spyware," he wrote in a statement.
Deibert referred to a 2019 incident when a UK-based lawyer who was involved in a lawsuit against NSO Group was hacked using Pegasus.
"We felt compelled to ensure that the UK Government was aware of the ongoing spyware threat, and took appropriate action to mitigate it," he said.
Pegasus in India
In July 2021, a consortium of media organisations blew open the story that governments across the world were allegedly using Pegasus spyware to spy on citizens and persons of interest since 2019.
Pegasus was found to have infiltrated the phones of 1,400 individuals globally, including human rights activists, lawyers and activists in India. Key members of opposition were also reportedly targeted.
The central government denied the request for an investigation into the Pegasus scandal, however, in October 2021, the Supreme Court of India ordered an independent probe into the issue by a three-member committee.
The technical committee asked those affected to submit their phones for investigation, but only two persons -- Delhi-based journalist J Gopikrishnan and and Jharkhand-based activist Rupesh Kumar -- have come forward so far, according to The Times of India.
The committee has submitted an interim report to the Supreme Court, The Indian Express reported in February.
(With inputs from The New Yorker, The Times of India, and The Indian Express)