[dgut]

> Seems clear at this point that the official Spanish government was behind these attacks, or the official registries got hacked (together with various delivery companies). Both are bad, but that signs are pointing to the earlier makes it even worse.

Not arguing again't your claim either way, but SMS sender can be set to anything, it's a feature of the system for it to work. The "DNI" (Spanish identification number) can't be considered private information and isn't difficult to find.

[capableweb]

The mix of having access to Pegasus, PNR database, records from delivery services and more makes it clear that it's not a solo/individual hacker/group doing all of this, it would require extensive compromise of multiple organizations to get access to those kind of things.