EU officials were targeted with Israeli surveillance software

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission.

One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019.

The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices.

In November, Apple sent thousands of messages to iPhone owners, including the EU officials, to notify them they were “targeted by state-sponsored attackers.”

“It was the first time Apple had sent a mass alert to users that they were in government hackers’ crosshairs.” reported the Reuters. “The warnings triggered immediate concern at the commission, the two officials said. In a Nov. 26 email reviewed by Reuters, a senior tech staffer sent a message to colleagues with background about Israeli hacking tools and a request to be on the lookout for additional warnings from Apple.”

Security researchers said that Apple sent the warnings to its users targeted between February and September 2021. The Pegasus spyware used the ForcedEntry zero-day exploit to compromise the recipients’ devices without their interaction.

“IT experts examined at least some of the officials’ smartphones for signs of compromise but the results were inconclusive, according to the two EU sources, who spoke on condition of anonymity because they weren’t authorized to speak to the press.” concludes the report. “Reuters has not been able to determine whether the commission is still investigating the matter.”

NSO sent a statement to Reuters to exclude the involvement of its surveillance tools in the attacks reported by the agency. The targeting described by Reuters “could not have happened with NSO’s tools.”

In November, Apple sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus.

According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials.

In December, Apple warned that the mobile devices of at least nine US Department of State employees were compromised with NSO Group‘s Pegasus spyware.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pegasus)

[adrotate banner=”5″]

[adrotate banner=”13″]