Spyware has been discovered on two mobile phones belonging to MEPs and staff from the European Parliament’s Subcommittee on Security and Defence (SEDE).
Security specialists initially found the traces of spyware when a subcommittee member underwent a routine check on February 20.
At least two devices now show traces of hacking, said an internal mail circulated to the panel.
Everyone connected to the subcommittee will now need to bring in their mobile phones for examination, its information technology department said.
The European Parliament would not comment about the spyware’s likely source, deputy spokesperson Delphine Colard told Brussels Signal.
“In the given geopolitical context and given the nature of the files followed by the subcommittee on security and defence, special attention is dedicated to the devices of the members of this subcommittee and the staff supporting its work,” she added.
It is not the first time a MEP was targeted with malicious software.
In 2020, a mobile phone belonging to Nikos Androulakis, a Green MEP from Greece, was infected with Predator.
This powerful illegal software targets Android devices and gives a hacker unrestricted access to the device’s contents.
A December 2023 internal review seen by Politico concluded the European Parliament’s cybersecurity “has not yet met industry standards”, and was “not fully in-line with the threat level” posed by state-sponsored hackers and other threat groups.
The cybersecurity sluggishness of the European Parliament comes despite Western security services’ warnings about Russian and Chinese espionage for years.
On the subcommittee’s own welcome page, its chair Nathalie Loiseau says hybrid warfare and cyber-attacks against the EU’s security and defence infrastructure have risen to the top of its political agenda.
The Subcommittee on Security and Defence, or SEDE, falls under the European Parliament’s Committee on Foreign Affairs.
The subcommittee, with thirty members, is responsible for European security and defence policy, including institutions, capabilities, and operations.