European Justice Commissioner Didier Reynders and at least four other commission staffers were targeted last year using NSO Group’s surveillance software, according to two EU officials and documentation reviewed by Reuters.
The commission became aware of the targeting thanks to warning messages from Apple sent out in November to thousands of users informing them that they were victims of state-sponsored attackers. This also marks the first time Apple has sent out mass alerts to users informing them of a potential attack.
At the moment, it’s unclear which exact spyware was used to target the five victims and whether or not the attack succeeded and how much information the attackers might have gained out of these attacks.
More trouble for NSO
At least some of the targeted officials’ phones were inspected by IT experts, but the investigation turned out to be inconclusive. The European Parliament is also set to launch a committee of inquiry to investigate surveillance software in EU member states on April 19.
The committee was formed after reports of senior opposition politicians in Poland being targeted with Israeli spyware. Victims included prominent critics and investigative journalists as well.
NSO has declined responsibility for the attacks and has said that the targeting couldn’t have been done with the company’s tools. NSO faces a number of lawsuits and has been blacklisted by US officials over alleged human rights abuses.
Additionally, Apple has sued NSO Group for targetting Apple users with the ForcedEntry exploit, which abused a now patched vulnerability to hijack Apple devices and install the company’s infamous Pegasus spyware. In Apple’s own words, the device was used to spy on a small number of Apple users worldwide.
In the News: Qbot botnet changes tactics to infect Windows users