Lawmaker Probing Pegasus Spyware Infected Using Same Malware


Cybercrime as-a-service, Cyberwarfare / Nation-State Attacks, Endpoint Security

Members of European Parliament Seek Fresh Spyware Probe Following Revelations


Multiple European lawmakers are calling for a fresh investigation into spyware following new revelations that a European Parliament committee member probing Pegasus mobile device hacking software himself fell victim to attackers who wielded the surveillance tool against him.

A Friday report from the University of Toronto’s Citizen Lab details the apparent hacking of a smartphone used by leftist Greek journalist and MEP Stelios Kouloglou, at a time when he was also a member of the European Parliament’s PEGA Committee. Established in March 2022, the committee’s mission was to probe the 2021 revelation that countries were using Israel-based NSO Group’s Pegasus surveillance software to spy on dissidents, journalists and others. The committee operated until July 2023.

This is the first known Pegasus targeting of a PEGA Committee member, although other MEPs have fallen victim to the spyware, including France’s Nathalie Loiseau, Bulgaria’s Elena Yoncheva, and several Catalan MEPs.

Citizen Lab’s findings resulted from Kouloglou contacting its researchers in May, concerned that his smartphone might have been targeted. Their analysis of his iPhone led to their finding “with high confidence” that his smartphone suffered an infection on Oct. 21, 2022, and again in early March 2023. The researchers said attackers hacked his smartphone on an earlier date using the PWNYOURHOME zero-click exploit.

“PWNYOURHOME appeared to first involve the attacker sending a specially crafted NSKeyedArchive that landed in HomeKit, followed by malicious content that landed in MessagesBlastDoorService,” they wrote. “Apple mitigated the first issue with a change to HomeKit in iOS 16.3.1, though we assess that they fixed the MessagesBlastDoorService issue earlier, likely in iOS 16.1.” Apple released iOS 16.1 on Oct. 24, 2022, and iOS 16.3.1 on Feb. 13, 2023.

The Citizen Lab researchers said that their analysis found Kouloglou “received multiple Apple threat notifications about targeting with mercenary spyware on three occasions,” though he didn’t recall receiving them.

Kouloglou didn’t immediately respond to a request for comment from ISMG. But he told TechCrunch that he plans to sue NSO Group.

The timing of the infections is noteworthy. The first occurred while the PEGA Committee members were discussing – over text messages and email – their first draft report, and just days ahead of a series of committee hearings. At the time, Kouloglou was planning an imminent trip by the committee to Greece, one of the EU countries allegedly misusing spyware.

The second infection took place as “the PEGA Committee was engaged in intense discussions related to the final drafting process,” per Citizen Lab’s report, when committee lead Sophie in ‘t Veld, a Dutch former MEP, was visiting Greece with Parliament’s civil liberties committee.

Despite the frequent Greek connections in this tale, Citizen Lab researchers said there is no evidence of Greece being an NSO customer or Pegasus user. Greece has had its own big spyware scandal, which kicked off in 2022. But it involved Predator, built by Intellexa – previously described by Citizen Lab as being “a marketing label for a range of mercenary surveillance vendors that emerged in 2019,” with ties to a former Israeli army intelligence officer.

Instead, the first infection of Kouloglou’s device appeared to be the work of whoever targeted seven Russian and Belarusian-speaking independent journalists and opposition activists. Citizen Lab said both operations traced to the same Apple ID, and “in our understanding of Pegasus infection infrastructure during this period, we believe that these emails are unique to specific operators.”

Calls for Probe

Citizen Lab researchers on Friday called on the European Parliament to “conduct an immediate investigation” into their findings on Kouloglou’s infections. “Since some time has passed since this particular attack, prompt investigation is a matter of urgency to ensure that forensic traces are not lost,” they wrote.

The researchers also said that the European Parliament’s Directorate-General for IT and cybersecurity, which currently offers MEPs optional spyware screening, should “develop a plan to achieve substantially higher screening rates and publish yearly statistics on the number of devices screened and rates of discovery.”

Spokespeople for multiple political factions in the European Parliament told ISMG on Friday that action is needed.

“We want a plenary debate on the issue, and I think we plan to table it next week,” said Alex Johnson of the Greens/EFA group. “We haven’t seen the full implementation of all the recommendations [made by] the PEGA Committee, which needs to happen, and we need a thorough investigation into the news that’s broken today.”

The PEGA Committee’s recommendations included enforcing stricter limits on the authorization and use of spyware, greater governmental oversight and transparency on the issue, unique markers for the deployers of spyware, and better legal options for anyone targeted.

Thomas Shannon of The Left complained that “no progress has been made against spyware” since the committee published its recommendations in 2023. “Even the U.S. has sanctioned spyware companies. Europe? Nothing,” he said (see: Biden Administration Blacklists 2 Commercial Spyware Firms).

Renew Europe’s Linda Aziz-Rohlje said her liberal-centrist group was “very concerned by these reports.”

European Parliament spokesperson Delphine Colard stressed that the institution does offer spyware screening to its members, and dedicates “special attention” to the devices of MEPs sitting on committees such as PEGA. She also noted that Parliament’s special “European Democracy Shield” committee last month called for the “systematic extension” of the voluntary screening “to all devices used for parliamentary business.”

Colard declined to discuss additional, specific parliamentary cybersecurity measures in further detail.


