A report claims that Pegasus spyware was used to hack iPhones belonging to senior officials in the European Union, including the European Justice Commissioner. Israeli firm NSO Group which developed the spyware denies that its tools were used in the attack.

If you aren’t aware, Pegasus is powerful spyware sold to governments and enforcement agencies. It leverages zero-day vulnerabilities in iOS that Apple doesn’t know to attack devices using zero-click exploits. This means the victim will not have to click on any link or open any app for the malware to infect the iPhone. Once delivered to the victim via iMessage, the malware silently installs itself and cleans up traces of installation and operation as it collects the victim’s data and transmits it to the attackers. Pegasus is capable of reading the victims’ SMS messages, logging keystrokes, listening in on calls, and remotely accessing the iPhone camera.

Apple proactively patches vulnerabilities and notifies iPhone users if the malware has compromised their devices. Although the malware simultaneously finds other vulnerabilities, Apple’s notification to thousands of iPhone users in November 2021 was instrumental in discovering these attacks on EU officials.

Reuters reports that at least five European Commission staffers, including Belgian statesman and European Justice Commissioner Didier Reynders, were targeted by the spyware. Two EU officials told the publication that Apple’s notification alerting them of “state-sponsored attackers.” This was followed by an email from an official that advised Commission staffers about the severity of the matter and to look out for this message.

Meanwhile, the country that allegedly used the spyware to target EU employees is unknown. Whether the attacks succeeded or not is also a mystery. NSO Group claims the attack “could not have happened” with its tools.

The US has banned the use and import of Pegasus spyware in its enforcement agencies and this incident could reportedly lead to the EU following suit.