Candiru: New spyware attack on member of European Parliament
Two weeks before the European elections, German MEP Daniel Freund (Greens) was the target of an attempted spying operation using the state Trojan Candiru.
German EU politician Daniel Freund (Greens) has become the focus of cyber criminals shortly before the European elections.
(Image: Motortion Films/Shutterstock.com)
The EU Parliament is concerned about cyber espionage. The latest victim of an - ultimately unsuccessful - attack using a state Trojan is German MEP Daniel Freund from the Green Party. "On May 27, an attempt was made to install spyware on my cell phone," the politician announced on X on Thursday. "It was an email from someone asking me for support - and to click on a link." Fortunately, he didn't do that, because otherwise the spyware would have ended up on his smartphone. According to Freund, cyber security experts later explained to him "that the 'Candiru' software was most likely used for the attack".
Candiru comes from an Israeli spyware manufacturer. The spyware is similar to the better-known state Trojan Pegasus from the NSO Group, which is also based in Israel. According to experts, Candiru initially specialized in the desktop world, the NSO Group in iPhones and its competitors in Android cell phones. According to a report, Candiru then joined forces with another Israeli software manufacturer, Insanet, to develop Sherlock spyware, a joint universal product for spying on any end device. A variant of this is even said to be able to be installed on Windows PCs and popular smartphones via targeted advertising banners. The government of US President Joe Biden imposed sanctions against Candiru and the NSO Group in 2021.
"Using 'Candiru' is costly," writes Freund. "I was told that a single attack can cost more than 1 million euros. So who is behind it? We don't know." Among the countries suspected of operating Candiru were the United Arab Emirates, Israel, Saudi Arabia, Indonesia and Hungary.
Spyware attacks on EU politicians on the rise
Freund explained the details to the newsletter service Politico Playbook. According to Freund, the email with the dangerous link sent two weeks before the European elections allegedly came from a student at Kyiv International University who was organizing a seminar on Ukraine's chances of joining the EU. The email contained a request to "write a short message" for the students. The link was attached. A young woman with the same name is actually enrolled at the university in question. However, she emphasized to Playbook that she did not know who her friend was and did not know the Gmail account from which the message originated. She was shocked and assured us: "This email is definitely not from me."
Freund is not the only MEP to have been the target of spyware attacks in recent months. In February, it was revealed that spyware had been discovered on the devices of MEPs Nathalie Loiseau and Elena Yoncheva - both members of the security subcommittee - and a parliamentary official. A report published in 2022 by the CitizenLab at the University of Toronto in collaboration with Catalan independence groups reveals that researchers have identified at least 65 people who have been targeted or infected with Pegasus or Candiru. The three EU parliamentarians Diana Riba, Antoni Comín and Jordi Solé are said to have been among them. Parliament President Roberta Metsola is also believed to have been the victim of a cyber attack. Members of the EU Commission are also said to have been attacked with spying programs. The Brussels-based government institution now wants to recommend a stricter approach to spyware to the EU member states.
(vbr)
