EU officials' iPhones were targets of NSO Group's spyware

NSO Group is known for producing software tools used for surveillance, typically by introducing malware to a device. While it is best known for the Pegasus hacking tool, which was used by governments around the world and capable of infiltrating an iPhone, it seems other tools from the firm are being used for similar purposes.

According to two EU officials and documents seen by Reuters, a number of senior officials at the European Commission became targets of NSO's tools. The list includes Didier Reynders, who has served as European Justice Commissioner since 2019, as well as at least four commission staff members.

After Apple started to warn thousands of iPhone owners that they were targeted by "state-sponsored attackers," officials in the commission became concerned that there could be a problem. A tech staffer warned colleagues within the commission to be vigilant on November 26, since the commission's employees were considered "a potential target."

So far, it is unclear whether attackers succeeded in gaining access to the iPhones of targets, nor what they would've acquired had they been successful. Neither an EC spokesperson nor Apple commented on the matter.

Though press at the time discussed Pegasus, it appears that another tool by NSO was being used. Security researchers say attempts were made between February and September 2021, using a tool titled ForcedEntry.

NSO Group insisted in a statement that it wasn't responsible for any of the hacking attempts and that they "could not have happened with NSO's tools." It did support an investigation into the targeting of officials, as well as calling for global rules concerning the spyware industry itself.

The discovery of the misuse of NSO Group's tools certainly doesn't help the company's profile following the Pegasus scandal, when it was found the tool was used by governments to spy on journalists, activists, and government opponents, instead of for fighting crime.

The adoption of Pegasus and other tools by government agencies led to lawmakers in the U.S. asking Apple and the FBI about the latter's acquisition of NSO Group tools in March.

Meanwhile, the European Parliament will be launching a committee on April 19 to investigate the use of surveillance software in European member states.