The European Commission has discovered 'evidence' that the mobile phones of its staff members were infiltrated using the notorious Pegasus spyware. One high profile target included the Justice Commissioner, Belgian Didier Reynders, according to a letter seen by AFP on Thursday.
The Pegasus spyware, designed by Israeli NSO Group, has been in the spotlight since it was discovered in 2021 that the spyware was sold to authoritarian regimes and used to target politicians, journalists and activists. In the EU, countries such as Poland and Hungary have used the technology to spy on their critics.
In the letter dated July 25 addressed to MEP Sophie in't Veld, Reynders suggested that he had received an alert from Apple in November 2021 informing him that his phone may have been infiltrated by the technology. Other Commission staff received similar notifications.
- Belgian police reveal use of controversial Pegasus spyware
- Spyware investigation: 'European democracies aren’t immune'
- European Parliament starts inquiry into misuse of spyware by Member States
The alerts triggered an investigation, although this couldn't confirm that Pegasus had succeeded in infecting Reynders' devices, nor those of the other staff members. However, "several device checks have led to the discovery of hacking clues," the letter noted, but it was "impossible to attribute these to a specific author with certainty."
Although the letter doesn't provide more details of the investigation, it is still ongoing. Citing security reasons, the spokesperson for the European Commission refused to say how many phones had been targeted when questioned at a press briefing on Thursday.
NSO said it was ready to "cooperate with any investigation to establish the truth," according to a company spokesperson, who stressed "there is no absolute evidence to date that a breach has occurred."
Investigating Member States
The letter from Commissioner Didier Reynders followed a request for information from Dutch MEP Sophie in't Veld (Renew Europe), the lead negotiator for European Parliament's investigation into how Pegasus has been used to target journalists, politicians and other civil society members.
The Commission has contacted Hungary, Poland and Spain about their use of Pegasus, raising concerns over non-compliance with EU privacy law.
According to the Commission, Hungary and Poland have replied that the use of this software is a 'national security' matter and therefore outside the scope of the EU's remit, which Brussels disputes. Spain has yet to respond.