Hackers have been targeting senior figures at the European Commission, official reports say.
One of the intended victims was Belgian statesman, Didier Reynders, along with four other high up officials within the EC. Each was hit with spy software believed to have been created by an Israeli surveillance company.
The EC found out about the stealth monitoring after Apple told iPhone users in November 2021 that state-sponsored attackers were to be considered a cyber-threat, an alert that immediately appeared on the radar of cyber experts at the EC.
In an email reviewed by Reuters, senior tech staffers were told: “Given the nature of your responsibilities, you are a potential target.”
Individuals responsible for the Israeli spyware have not yet been identified, and it is not yet clear whether attempts to infiltrate security surrounding Reynders and his colleagues have been successful.
Cyber specialists say the victims may have been targeted between February and September 2021 by programmes employed by Israeli cyber monitoring provider, NSO Group. The technology is typically used to help overseas government agents to seize control of iPhones from remote locations, and without users’ permission.
NSO has said it is not responsible for the cyber-strikes, explaining that what has gone on “could not have happened with NSO’s tools.”
The group, which faces a number of court cases in the US, was recently put on an official American watch-list concerning alleged abuses of human rights. NSO has expressed its support of a probe into the targeting of the Brussels officials, and has underlined its desire to see the development of a more robust international framework to control the spyware sector.
Examinations of iPhones that were believed to be contaminated as a result of the hacking, have not found evidence of infiltration, EU sources say.
The news comes as the US steps up its scrutiny of spyware vendors such as NSO. The European Parliament is preparing to open an investigation into the employment of spying software within EU member states this month, said EU lawmaker, Sophie in ‘t Veld.
“We really have to get to the bottom of this,” in ‘t Veld said, after describing the spyware revelations as “dynamite”
Warning against a knee-jerk reaction to the potential hacking campaign, and the identification of those responsible, Kenneth Lasoen, a research fellow at the Clingendael Netherlands Institute of International Relations, called the EU “a very high-profile target for multiple actors.”
“Brussels is a true nest of espionage,” Clingendael added.
PrivSec World Forum
Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities;
PrivSec World Forum is a two-day, in-person event taking place as part of the Digital Trust Europe series. Data protection, privacy and security are essential elements of any successful organisation’s operational make-up. Getting these things right can improve stakeholder trust and take any company to the next level.
PrivSec World Forum will bring together a range of speakers from world-renowned companies and industries—plus thought leaders and experts sharing case studies and their experiences—so that professionals from across all fields can listen, learn and debate.