A complex spyware attack hit nearly half a dozen of the European Union’s top legal officials last year.
Reuters reports that the phones of at least five EU officials were hacked with invasive malware between February and September of 2021. One of the targeted officials was Belgian politician Didier Reynders, the EU’s European Justice Commissioner since 2019, equivalent to the Attorney General in the United States. At least four other members of the Justice and Consumers commission, were also spied on, the outlet says.
It’s not totally clear why these officials were targeted or who used the malware against them. Reuters reports that the affected parties were initially notified by Apple, which sent out a series of unprecedented emergency alerts to iPhone users last year warning of government targeting of user devices. Previously published security research has found that the recipients of these alerts had fallen prey to FORCEDENTRY, a sophisticated exploit created by the NSO Group. The notorious Israeli spyware maker is widely known for selling its spyware, Pegasus, to shady governments all over the world, as well as to hawking technically sophisticated exploits like FORCEDENTRY.
As with many instances in the past, NSO has denied that it had any involvement in this case—telling Reuters that the hacking of the EU officials “could not have happened with NSO’s tools.” In general, the company has long maintained that its products are only used for legitimate law enforcement and terrorism investigations and are not used for domestic spying. Reuters also reached out to QuaDream, another, more secretive Israeli surveillance firm, but did not get any sort of comment or response. Pegasus is a powerful commercial malware that has allegedly been used to hack a broad array of people, including other European politicians, political activists, human rights attorneys, and U.S. State Department officials.
The claims that EU officials were targeted with NSO Group software comes at potentially the worst possible time for the company as it continues to battle both legal and financial troubles, as well as multiple government investigations.
On Monday, the Associated Press reported that NSO is now appealing to the U.S. Supreme Court in a new effort to rid itself of a hefty lawsuit filed by the encrypted messaging service WhatsApp. WhatsApp, which is owned by social media giant Meta, sued NSO in October of 2019 after the surveillance firm’s malware was allegedly discovered on some 1,400 users’ phones. NSO has previously tried to get the case thrown out, without success. The company is also currently battling another lawsuit from Apple filed last November on similar grounds.