Another European Parliament member says he’s been targeted with commercial spyware

Avatar

A German member of Europe’s Parliament said his mobile phone was targeted with powerful commercial spyware in May, according to an X post he published Thursday night.

The attempted infection, deemed likely to have emanated from prominent spyware vendor Candiru, masqueraded as an email from someone asking that he  click on a link, said Daniel Freund, the Parliamentarian.

Although there’s no evidence to link the attack to a specific actor, Freund said he believes Hungary’s authoritarian prime minister Viktor Orbán and his administration are to blame. Freund has been a vocal critic of Orbán, whose regime is known for using commercial spyware. In a May post on his personal website, Freund railed against the fact that Hungary was slated to, and has since, taken over the European Union’s rotating presidency.

“Of all people, the man who tramples European values is supposed to be sitting in the EU’s chief seat: Viktor Orbán,” Freund said in his post, which called on European Council President Charles Michel to put the Hungarian presidency on hold.

“I’m not saying it was Hungary, but out of the possibilities, this is what seems most likely,” Freund told Politico Europe, the first outlet to report the news.

On X, Freund also focused on the identity of the culprits.

“So who was behind it?,” he wrote. “We don’t know. But among the countries suspected of operating Candiru are: UAE, Israel, Saudi Arabia, Indonesia, and Hungary. Make a guess.”

Orban’s government also has previously been linked to the NSO Group’s powerful zero-click Pegasus spyware.

The targeting of Freund’s phone appears to have been facilitated by an email pretending to be from a Kyiv International University student who asked Freund to click on a link relating to a seminar she was organizing, Freund told Politico.

The European Parliament constantly monitors spyware threats, according to a Parliament spokesperson, who declined to provide details on the targeting of Freund.

Since April 2022 Parliament has offered members spyware detection services. Hundreds of device checks have been conducted since then, the spokesperson said.

A document being prepared by the European Commission says that member nations can no longer cite national security to defend their use of spyware, according to a second Politico Europe report published Monday.

That draft report asserts governments using powerful spyware such as Pegasus “cannot exercise their responsibility in a way that undermines the effectiveness of EU law” regulating data privacy, according to the reporter, who said she read the document, which addresses a prior European Parliament committee report on spyware.

Traces of spyware were discovered on phones owned by members of a Parliament Committee working on national security issues in February. All three victims — two members and a staffer — worked at the European Parliament’s Subcommittee on Security and Defense.

In 2022, digital forensic researchers from The Citizen Lab, which specializes in detecting advanced commercial surveillance, found that phones belonging to Parliamentarians representing the Catalan independence movement had been hit with Pegasus and Candiru.

A Greek member of Parliament was found to have been targeted with Predator spyware, a third advanced phone surveillance system, that same year.

As a result, the European Parliament launched an investigation and discovered that at a minimum Poland, Greece, Hungary and Spain used commercial spyware for political advantage and to monitor journalists.

GovernmentCybercrimeLeadershipNewsPrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 

Total
0
Shares
Previous Post

CIONews All Things BFSI & Fintech Summit 2024

Next Post

Fake postal messages targeting Indian users is linked to China, researchers say

Related Posts

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who
Avatar
Read More

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 23-29)

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more
Avatar
Read More