EU Officials Phones Hacked By NSO’s Pegasus Spyware – Report

Image credit: European Commission

The European Union reportedly finds evidence that smartphones of senior officials may have been compromised by Pegasus spyware

NSO Group Pegasus spyware is back in the headlines this week, after the European Union found traces of it on the smartphones of a number of senior officials.

This is according to Reuters, which cited a letter from the EU’s top justice official, that pointed to evidence that smartphones used by some of its staff had been compromised by the spy software.

The furore surrounding NSO Group’s Pegasus surveillance tech has been intense in the past few years. So much so that NSO was said to be exploring its strategic options in December 2021 that included shutting the Pegasus unit or selling the entire company.

surveillance, spyware, hacking

Pegasus furore

Then in June 2022 it was reported that US defence contractor L3Harris was in talks to takeover NSO’s Pegasus surveillance technology.

NSO’s Pegasus spyware is sold mostly to governments for law enforcement purposes, but once its use for intelligence purposes was uncovered, it led to a huge outcry.

Privacy campaigners in December 2020 said they had found multiple cases in which the spyware had been deployed on the devices of dissidents or journalists.

Then in July 2021 the Pegasus Project alleged that NSO’s Pegasus spyware had been used “to facilitate human rights violations around the world on a massive scale.”

It allegedly uncovered evidence that revealed that the phone numbers for 14 heads of state, including French President Emmanuel Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as 600 government officials and politicians from 34 countries, had appeared in a leaked database at the heart of the investigative project.

In February the FBI made the startling admission that it had obtained NSO’s Pegasus spyware, but only for testing purposes.

EU compromise

And now Reuters has cited a letter dated 25 July sent to European lawmaker Sophie in ‘t Veld, from EU Justice Commissioner Didier Reynders.

The letter reportedly said Apple had informed him in 2021 that his iPhone had possibly been hacked using Pegasus.

The warning from Apple triggered an inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter apparently said.

Though the investigation did not find conclusive proof that Reynders’ or EU staff phones were hacked, investigators discovered “indicators of compromise” – a term used by security researchers to describe that evidence exists showing a hack occurred.

Last September traces of Pegasus spyware were allegedly found on the mobile phones of at least five French cabinet ministers.

Reynders’ letter did not provide further detail and he said “it is impossible to attribute these indicators to a specific perpetrator with full certainty.”

It added that the investigation was still active.

NSO response

Messages left with Reynders, the European Commission, and Reynders’ spokesman David Marechal were not immediately returned, Reuters reported.

An NSO spokeswoman said the firm would willingly cooperate with an EU investigation.

“Our assistance is even more crucial, as there is no concrete proof so far that a breach occurred,” the spokeswoman said in a statement to Reuters.

“Any illegal use by a customer targeting activists, journalists, etc., is considered a serious misuse.”

In April this year, security researchers at Citizen Lab at the University of Toronto announced that the UK Prime Minister’s Office (10 Downing Street), and the Foreign and Commonwealth Office (FCO) may have been infected by Pegasus in 2020 and 2021.

Legal battle

NSO is currently engaged in a legal battle with both Meta and Apple.

Meta’s Whatsapp sued NSO in October 2019, and alleged NSO was behind the cyberattack that infected WhatsApp users with advanced surveillance hacks in May 2019.

NSO is also being sued by Apple for violating its user terms and services agreement, and it alleges NSO engaged in surveillance and targeting of iPhone users in the US.

And in November 2021, the Biden administration placed NSO on its Entity List, and accused it of acting “contrary to the foreign policy and national security interests of the US”.

That designation makes it harder for US companies to do business with NSO, after determining that its phone-hacking technology had been used by foreign governments to “maliciously target” political dissidents around the world.

The US Supreme Court recently asked the Biden administration for its thoughts on whether the justices should hear the case over whether WhatsApp can pursue its lawsuit of NSO.

NSO continues to insist that it sells its products only to “vetted and legitimate” government clients.