TL;DR: On January 22, 2026, Spain's High Court closed its investigation into the hacking of Prime Minister Pedro Sanchez with NSO Group's Pegasus spyware. The reason? Israel refused to respond to five separate cooperation requests over nearly three years. Sanchez's phone was infected five times between 2020-2021. At least 2.5 gigabytes of data was stolen. The defense minister, interior minister, and agriculture minister were also hacked. Israel's silence killed the investigation. NSO walks free.

The Hack

Between 2020 and 2021, someone used Pegasus spyware to hack Spanish Prime Minister Pedro Sanchez's phone. Not once. Five times.

At least 2.5 gigabytes of data was stolen. Think about what's on your phone. Texts. Emails. Photos. Call logs. Location history. Contacts. Documents. Now imagine someone took 2.5 gigabytes of that from the leader of a major European nation.

Defense Minister Margarita Robles was hit four times over five months in 2021. Interior Minister Fernando Grande-Marlaska and Agriculture Minister Luis Planas were also targeted.

This wasn't garden-variety hacking. This was Pegasus: NSO Group's flagship spyware that costs millions, requires government-level resources, and was supposed to be used only for "fighting crime and protecting national security."

The Investigation That Couldn't

Judge Jose Luis Calama of Spain's High Court has been trying to investigate since 2022. Here's what happened:

  • May 2022: First request to Israel for cooperation
  • July 2023: Investigation shelved due to lack of suspect and cooperation difficulties
  • April 2024: Case reopened after France shared information from its own Pegasus investigation
  • February 2025: Fifth cooperation request sent to Israel
  • January 22, 2026: Investigation closed permanently

Five requests. Zero responses. Nearly three years of silence.

Calama didn't hide his frustration. He wrote that Israel's failure to respond, including refusing to let investigators question then-NSO CEO Shalev Hulio, "prevents us from advancing in the investigation of the facts."

He called it a "manifest breach of international obligations."

What Israel's Silence Means

Israel didn't deny anything. They just didn't answer. And that's enough to kill an investigation.

NSO Group operates under Israeli government export licenses. The Israeli government approves which countries can buy Pegasus. When a foreign government asks Israel for help investigating Pegasus abuse, Israel can simply... not respond.

The company's standard defense: "We can't monitor how clients use the software." But that defense requires assuming good faith. When you refuse to cooperate with any investigation, you forfeit any claim to good faith.

Spain's spy chief already resigned over this scandal in 2022. That's the only accountability anyone faced. The people who actually hacked Spain's government? Unknown and untouchable.

Part of a Pattern

Spain isn't alone. Pegasus investigations keep hitting the same wall:

  • Mexico: Journalists and activists hacked. Limited accountability.
  • Hungary: Opposition figures targeted. Investigation went nowhere.
  • Poland: Government admitted using Pegasus against opposition. Still ongoing.
  • France: President Macron's phone was reportedly targeted. Investigation continues.
  • Catalonia: Over 60 independence activists hacked. Spain blamed domestic use but never identified who authorized it.

The playbook is consistent: Hack opponents, let the scandal break, refuse cooperation, wait for the investigation to die.

NSO Group's Rebrand Attempt

While Spain's investigation was dying, NSO was busy reinventing itself.

CEO Yaron Shohat stepped down on January 1, 2026. US investors bought the company. Former Trump official David Friedman became executive chairman. NSO released a "transparency report" positioning itself as reformed.

The report didn't mention any customer rejections, investigations, suspensions, or terminations over human rights violations. The company that's been implicated in hacking journalists, dissidents, and heads of state across multiple continents is claiming accountability while providing zero evidence of it.

The US blacklisted NSO in 2021. The company is trying to get off that list. Spain's investigation closing helps that case.

What This Tells You

If a NATO ally's prime minister can get hacked, investigated, and see that investigation collapse due to stonewalling, what chance does anyone else have?

Spyware companies operate in a legal gray zone. They sell to governments. Governments protect them. International cooperation fails because the selling governments have no incentive to cooperate.

Spain discovered preliminary evidence of "illegal gathering of classified information that jeopardized national security." That's the judge's words. And it didn't matter. The investigation is closed. Nobody is accountable.

This is how the spyware industry works. This is why it keeps growing.

Sources

  1. Spain closes Pegasus spyware probe again, saying Israel has not responded - Al-Monitor
  2. Spain drops probe into targeting of Pedro Sanchez with Pegasus spyware - UPI
  3. Spanish judge shelves investigation of Pegasus use for attacks on PM Sanchez - Jerusalem Post
  4. NSO Group's Chief Steps Down - Haaretz