In late 2023, an Israeli security researcher from Tel Aviv received a LinkedIn message offering a lucrative opportunity abroad. They were told the job was with a “legitimate” offensive security company starting afresh in Barcelona, Spain. However, as the recruitment process unfolded, the researcher noticed unusual secrecy.
“The secrecy felt strange. Some employees interviewing me didn’t use their full names. It took ages for them to reveal the company’s location, let alone its name. If everything is legitimate, why all the mystery?”
The researcher further explained that the company’s chief technology officer (CTO) assured them it would only work with ethical clients. However, they remained sceptical. “It seemed like a company that might end up sanctioned in the future,” they said.
The CTO, Alexey Levin—a former researcher at NSO Group, a sanctioned spyware firm—revealed the company’s name: Palm Beach Networks. According to the researcher, Levin described the company’s work as developing zero-day exploits and spyware implants, tools used to breach devices and monitor targets. Levin also claimed the company had at least one U.S. government client. Levin declined to comment when approached.
Why Barcelona? A mix of opportunity and controversy
So why set up a spyware company in Barcelona, a city once embroiled in a scandal involving spyware used on pro-independence politicians? The researcher explained that employees cited several reasons: the city’s Mediterranean lifestyle, tax incentives, and favourable weather—which also attract other tech startups.
Over recent years, Barcelona has unexpectedly become a hub for offensive cybersecurity companies. Several experts believe this shift places Europe in a precarious position, as the spyware industry often intersects with corruption and abuse.
Natalia Krapiva, legal counsel at the digital rights group Access Now, highlighted the risks: “Spyware businesses frequently align with corruption and misuse of power. Spanish citizens, media, and policymakers should scrutinise these companies to ensure they comply with national and EU laws.”
Spyware misuse has a troubling history. John Scott-Railton, a senior researcher at Citizen Lab, noted that such tools have been used against diplomats, activists, and even politicians. He warned that spyware firms in Barcelona could exacerbate Europe’s ongoing spyware crisis. “History shows these tools often end up in the hands of clients who target allies and partners,” Scott-Railton said.
Sun, seafood, and surveillance startups
Barcelona is now home to several other spyware and exploit developers. Paradigm Shift is a spin-off of the beleaguered Variston, which struggled to stay afloat in 2024. Another is Epsilon, led by Jeremy Fetiveau, a veteran from U.S. defence contractor L3Harris. The city also hosts a group of Israeli researchers who moved to Barcelona from Singapore specialising in zero-day exploits.
Additionally, Austrian cybersecurity company SAFA has a presence in Barcelona, with its CEO, Andrijana Šekularac, reportedly based there. SAFA has sponsored prominent offensive security conferences and employs former spyware researchers. Šekularac did not respond to requests for comment.
The Catalan regional government estimates over 10,000 professionals work in more than 500 cybersecurity companies across Barcelona. While this growth boosts the local economy, the rise of spyware firms raises concerns about Europe’s regulatory oversight and ethical accountability.
As Barcelona enjoys its reputation for sunshine, vibrant culture, and innovation, the city must grapple with its new identity as a key player in the global spyware industry.
