European officials reportedly targeted by NSO spyware
Pegasus software maker faces mounting lawsuits, investigations in the US and EU
Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report.
European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.
The European Commission did not immediately respond to The Register's request for comment.
NSO is the Israeli cyber-surveillance firm that developed the infamous Pegasus software that, once in an infected phone or other device, can extract data and carry out other espionage. It can be installed on a victim's gadget without any user interaction: typically, they have to just receive a booby-trapped message. And once it's deployed, the NSO customer controlling that instance of Pegasus has access to everything on the victim's handheld, including text messages, phone calls, emails, passwords, and photos.
- Whistleblower claims NSO offered 'bags of cash' for access to US phone networks
- NSO fails once again to claim foreign sovereign immunity in WhatsApp spying lawsuit
- Uncle Sam to clip wings of Pegasus-like spyware – sorry, 'intrusion software' – with proposed export controls
- Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker
In November Apple sent security alerts to iPhone owners whose devices may have been compromised by state-sponsored spyware.
Reuters said the European Commission "became aware of the targeting" of its people following Apple raising that alarm. The news agency also said it reviewed an email originating from a "senior tech staffer" who warned Euro officials: "Given the nature of your responsibilities, you are a potential target."
Reuters said it couldn't determine who planted the spyware, what they were looking for, or if the attempts were successful. It's unclear to us if the European officials were actually targeted by Pegasus or simply on alert after Apple issued its warning about state-backed malware. Reuters is adamant Reynders and at least four other commission staffers were menaced by NSO spyware, according to its sources.
NSO didn't respond to The Register's inquiries. But it sent a statement to Reuters saying that it wasn't responsible, and that targeting EU commissioners and staffers "could not have happened with NSO's tools."
Also last November Apple sued NSO Group for targeting Apple users with an exploit called ForcedEntry. It abused a now-patched vulnerability to hijack Apple devices and install Pegasus. According to Apple, the spyware was used to monitor "a small number of Apple users worldwide."
Shortly after that, the US government barred NSO for providing spyware to foreign governments that "used these tools to maliciously target" government officials, journalists, businesses, embassy workers, activists, and academics.
Despite Uncle Sam's crackdown, the FBI admitted to testing Pegasus for potential use in criminal investigations.
Facebook parent company Meta has also sued NSO, alleging that the spyware illegally targeted WhatsApp users.
Meanwhile, as lawsuits and political pressure mount against the NSO in the US, the European Parliament is moving ahead with its own probe into the use of Pegasus surveillance software.
EU lawmaker Sophie in 't Veld, who lobbied for the committee investigation, told Reuters that she wasn't aware that the spyware had targeted Reynders and other commission officials.
"We really have to get to the bottom of this," she said. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust