Senior EU officials targeted with NSO spyware – report
Several senior European Union officials were targeted last year with spyware developed by Israeli security firm NSO Group, Reuters reported Monday, citing two officials and documents.
The report said that among four targeted European Commission officials was Belgian European Justice Commissioner Didier Reynders.
Security researchers cited in the report said the alleged hacking made use of NSO Group’s ForcedEntry software, which allows attackers to directly infect iPhones and other Apple devices without any user action.
Two of the officials confirmed that their staffers had been hacked, but did not give further details. Both were quoted as saying that the European Commission had been alerted to the alleged attack by messages that Apple issued to thousands of its product users warning that they’d been “targeted by state-sponsored attackers.”
The report cited a November 26 email by a senior European Commission tech staffer to colleagues which, it said, provided background on hacking software and requested them to be on the lookout for additional warnings.
“Given the nature of your responsibilities, you are a potential target,” the email said, according to the report.
The report also said that technology experts examined some of the EU official’s allegedly hacked devices, but that analysis did not produce conclusive results.
Reynders, his spokesman and European Commission spokesman Johannes Bahrke declined to comment, as did Apple.
NSO Group said in a statement that it was not responsible for the alleged hacking attempts described in the report, and added that it was in favor of an investigation into the matter.
The report comes after the European Parliament last week created a “committee of inquiry” to probe accusations over the use of the NSO Group’s Pegasus spyware by governments in the bloc, notably in Hungary and Poland.
Lawmakers voted overwhelmingly to “investigate alleged breaches of EU law in the use of the surveillance software by, among others, Hungary and Poland,” a statement said.
The 38-member committee “is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was used for political purposes against, for example, journalists, politicians and lawyers,” it said.
The Pegasus malware, created by the NSO Group, was engulfed in controversy last July after a collaborative investigation by several media outlets reported that a string of governments around the world had used it to spy on critics and opponents.
Hungary was listed by the investigative journalism consortium as a potential user of Pegasus, with targets including journalists, lawyers and other public figures.
A senior official in Hungary’s ruling party Fidesz confirmed that the country had used the software, but said it had not been used to illegally spy on citizens. Poland’s powerful ruling party leader admitted in January that the country had also bought the Israeli spyware, but dismissed claims it was used against the opposition.
Citizen Lab, a cybersecurity watchdog based in Canada, has said that Pegasus was used against Polish opposition figures.
Pegasus can turn smartphones into pocket spying devices, allowing the user to read the target’s messages, track their location, and even turn on their camera and microphone without their knowledge.