Another European Parliament member says he’s been targeted with commercial spyware

Avatar

A German member of Europe’s Parliament said his mobile phone was targeted with powerful commercial spyware in May, according to an X post he published Thursday night.

The attempted infection, deemed likely to have emanated from prominent spyware vendor Candiru, masqueraded as an email from someone asking that he  click on a link, said Daniel Freund, the Parliamentarian.

Although there’s no evidence to link the attack to a specific actor, Freund said he believes Hungary’s authoritarian prime minister Viktor Orbán and his administration are to blame. Freund has been a vocal critic of Orbán, whose regime is known for using commercial spyware. In a May post on his personal website, Freund railed against the fact that Hungary was slated to, and has since, taken over the European Union’s rotating presidency.

“Of all people, the man who tramples European values is supposed to be sitting in the EU’s chief seat: Viktor Orbán,” Freund said in his post, which called on European Council President Charles Michel to put the Hungarian presidency on hold.

“I’m not saying it was Hungary, but out of the possibilities, this is what seems most likely,” Freund told Politico Europe, the first outlet to report the news.

On X, Freund also focused on the identity of the culprits.

“So who was behind it?,” he wrote. “We don’t know. But among the countries suspected of operating Candiru are: UAE, Israel, Saudi Arabia, Indonesia, and Hungary. Make a guess.”

Orban’s government also has previously been linked to the NSO Group’s powerful zero-click Pegasus spyware.

The targeting of Freund’s phone appears to have been facilitated by an email pretending to be from a Kyiv International University student who asked Freund to click on a link relating to a seminar she was organizing, Freund told Politico.

The European Parliament constantly monitors spyware threats, according to a Parliament spokesperson, who declined to provide details on the targeting of Freund.

Since April 2022 Parliament has offered members spyware detection services. Hundreds of device checks have been conducted since then, the spokesperson said.

A document being prepared by the European Commission says that member nations can no longer cite national security to defend their use of spyware, according to a second Politico Europe report published Monday.

That draft report asserts governments using powerful spyware such as Pegasus “cannot exercise their responsibility in a way that undermines the effectiveness of EU law” regulating data privacy, according to the reporter, who said she read the document, which addresses a prior European Parliament committee report on spyware.

Traces of spyware were discovered on phones owned by members of a Parliament Committee working on national security issues in February. All three victims — two members and a staffer — worked at the European Parliament’s Subcommittee on Security and Defense.

In 2022, digital forensic researchers from The Citizen Lab, which specializes in detecting advanced commercial surveillance, found that phones belonging to Parliamentarians representing the Catalan independence movement had been hit with Pegasus and Candiru.

A Greek member of Parliament was found to have been targeted with Predator spyware, a third advanced phone surveillance system, that same year.

As a result, the European Parliament launched an investigation and discovered that at a minimum Poland, Greece, Hungary and Spain used commercial spyware for political advantage and to monitor journalists.

GovernmentCybercrimeLeadershipNewsPrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 

Total
0
Shares
Previous Post

CIONews All Things BFSI & Fintech Summit 2024

Next Post

Fake postal messages targeting Indian users is linked to China, researchers say

Related Posts

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
Avatar
Read More

Google’s New Restore Credentials Tool Simplifies App Login After Android Migration

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard
Avatar
Read More