EU Officials Reportedly Targeted with Israeli Pegasus Spyware

Senior officials in the European Union were allegedly targeted
with NSO Group’s infamous Pegasus surveillance tool, according to a
new report^[1]
from Reuters.

At least five individuals, including European Justice
Commissioner Didier Reynders, are said to have been singled out in
total, the news agency said, citing documents and two unnamed E.U.
officials. However, it’s not clear who used the commercial spyware
against them or what information was obtained following the
attacks.

NSO Group said in a statement shared with Reuters that it was
not responsible for the hacking attempts, adding that the targeting
“could not have happened with NSO’s tools.”

The targeting is said to have come to light after Apple notified
the victims of state-sponsored attacks last November as part of its
efforts to stop the Israeli surveillance firm from targeting its
customers.

That same month, the iPhone maker filed a lawsuit^[2]
against NSO Group, seeking a court-issued injunction aimed at
banning the company from using its products and services to develop
and launch spyware attacks.

Apple called NSO Group as “notorious hackers — amoral 21st
century mercenaries who have created highly sophisticated
cyber-surveillance machinery that invites routine and flagrant
abuse.”

Pegasus, typically deployed through sophisticated “zero-click”
exploits like FORCEDENTRY^[3], grants its government
and law enforcement customers complete access to a target’s device,
including their personal data, photos, messages, and precise
location.

The widespread abuse of Pegasus to systematically spy on civil
society in recent years has led the U.S. government to add NSO
Group to its trade blocklist^[4], in turn prompting
Israel to restrict the number of countries^[5] to which local security
firms can sell offensive hacking and surveillance tools.

In February 2022, the European Data Protection Supervisor
called^[6]
for a ban on the development and the use of Pegasus-like commercial
spyware in the region, pointing out the technology’s “unprecedented
level of intrusiveness” that could endanger users’ right to
privacy.

But despite attempts to regulate the use of spyware, a forensic investigation^[7]
released by Front Line Defenders last week found that the iPhone
belonging to Suhair Jaradat, a Jordanian journalist and human
rights defender, was hacked with Pegasus via a malicious WhatsApp
message in December 2021, weeks after Apple initiated legal
proceedings.

“The fact that the targeting we uncovered happened after the
widespread publicity around Apple’s lawsuit and notifications to
victims is especially remarkable,” the report said.

“A firm that truly respected such concerns would have at least
paused operations for government clients, like Jordan, that have a
widely publicized track record of human rights concerns and had
enacted emergency powers giving authorities widespread latitude to
infringe on civil liberties.”