The European commission, the EU executive’s arm in Brussels, said it had found indications that phones of some of its top officials have been compromised by the Pegasus spyware, according to a letter seen by AFP on Thursday.
In the letter dated July 25 to Dutch MEP Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said he was alerted by Apple in November 2021 of a possible hacking of his smartphone by the Pegasus software.
Pegasus, which can switch on a phone’s camera or microphone and harvest its data, was engulfed in controversy last year after several media outlets reported that governments around the world had used it to spy on opponents.
In the letter, Reynders said an in-house investigation did not “confirm that Pegasus had succeeded in infecting the devices, personal or professional” of he or other EU staff.
But “several device checks led to the discovery of indicators of compromise”, the letter said, adding that “it is impossible to attribute these clues to a specific perpetrator with certainty”.
Citing security concerns, the letter did not give further details on the outcome of the Commission’s investigation, which is still ongoing.
In ‘t Veld is part of an EU Parliament probe into Pegasus to explore accusations over the use of Pegasus spyware by EU governments, notably in Hungary and Poland as well as Spain.
Spain’s prime minister, Pedro Sanchez, vowed last month to tighten oversight of the country’s secret services after a scandal over the use of Pegasus to hack top politicians’ mobile phones.
The affair broke in April when Canadian cybersecurity watchdog Citizen Lab said the telephones of more than 60 people linked to the Catalan separatist movement had been tapped using Pegasus spyware.
Reynders said the commission had sent requests for more information to Hungary, Poland and Spain on their use of Pegasus.
Budapest and Warsaw responded that the use of Pegasus was for legitimate nationals security reasons.