European Lawmaker Targeted With Israeli-made Predator Spyware

In wake of the Project Pegasus investigation, the European Parliament began checking lawmakers' devices – the head of the Greek socialist party’s phone had signs of an attempted infection

Omer Benjakob
Omer Benjakob
Send in e-mailSend in e-mail
The European Parliament earlier this month. After checking parliamentarians' phones, one Greek representative was found to be the target of Israeli-made Predator spyware
The European Parliament earlier this month. After checking parliamentarians' phones, one Greek representative was found to be the target of Israeli-made Predator spywareCredit: Patrick Hertzog / AFP
Omer Benjakob
Omer Benjakob

The phone of a member of the European Parliament was found to have received a malicious link that could have infected their phone with the spyware known as Predator, which is created by an Israeli-made offensive cyber company.

According to a report in Kathimerini, Nikos Androulakis, who is an MEP for the Greek socialist party – known as PASOK, or the Panhellenic Socialist Movement – and also serves as its president, was found to have received an SMS message containing a link that, if clicked, would have infected his phone with the Predator spyware. Androulakis did not click the link and his phone was likely not infected.

"There was an attempt to bug my mobile phone with the Predator surveillance malware," Androulakis told reporters after filing the complaint with prosecutors. "The revelation of those hiding behind such sick practices … is not a personal issue but my democratic duty," he added.

The Greek politician’s phone was examined alongside the phones of roughly 200 MEPs in the wake of the Project Pegasus investigation, an inquiry to which Haaretz was also party, and was the only device phone to have faced a potential hack.

In wake of the revelations of the global investigative project into misuse of Israeli spyware, the European Parliament offered lawmakers to check their phones. Androulakis provided the parliament's security services with his device and they found a message from September 2021 containing a link that Citizen Lab has in the past attributed to Predator infections.

Predator, which is produced by a firm called Cytrox, is almost identical to the infamous Pegasus spyware made by the competing and more famous cyber firm NSO Group. Predator is similar to Pegasus in terms of its capabilities, but differs in the way it infects a device: It requires the victim to click on a link, while some versions of Pegasus do not.

Cytrox is owned by a firm called Intellexa which, though currently based in Greece, is run by a former Israeli military intelligence official Tal Dilian. Though the firm is registered abroad, sources say many of its workers are Israelis and the company may even have staff in Israel. Until recently, the Intellexa was based in Cyprus.

According to public information and past reports by Citizen Lab, Cytrox was founded in 2017 and its technology is defined as “cyber intelligence systems designed to offer security” to governments and help “designing, managing and implementing cyber intelligence gathering in the network, enabling businesses to gather intelligence from both end devices as well as from cloud services.”

Intellexa Co-CEO Tal Dilian at his house in Limassol, Cyprus, in 2020.Credit: Yiannis Kourtoglou / REUTERS

It is unclear if Cytrox is under Israeli defense oversight and whether the firm and others linked to Intellexa sell only to states – as NSO does – or also provide their services to private entities. The body in charge of overseeing defense exports did not respond to Haaretz’s questions regarding Cytrox for this report.

Last December, Facebook revealed that Cytrox was operating hundreds of fake domains in an attempt to entrap “politicians and journalists around the world.” According to Meta, Facebook’s parent company that worked with Citizen Lab on the matter, “these domains were used as part of their phishing and compromise campaigns.

Androulakis has filed a complaint in Greece in wake of the revelations. The complaint comes as the European Union is beginning to follow the United States in taking a harder look at spyware merchants and the use of powerful surveillance software.

In April, the first case of a European national being targeted with the Predator spyware was confirmed in Greece: Thanasis Koukakis, an investigative journalist for CNN Greece who also contributed to the Financial Times and CNBC and was covering one of the country’s biggest corruption scandals, was hacked with the spyware, a forensic analysis of his phone that was shared with Haaretz revealed.

The first publicly known case of Predator infections, on the cellphones of two Egyptian nationals, were also found by Citizen Lab to be infected with the better-known Israeli-made spyware Pegasus.

Tal Dillian and Intellexa did not respond to comment. Androulakis was unavailable to respond to this report.

Reuters contributed to this report.

Click the alert icon to follow topics:

Comments

SUBSCRIBERS JOIN THE CONVERSATION FASTER

Automatic approval of subscriber comments.
From $1 for the first month

Already signed up? LOG IN

ICYMI

בנימין נתניהו השקת ספר

Netanyahu’s Israel Is About to Slam the Door on the Diaspora

עדי שטרן

Head of Israel’s Top Art Academy Leads a Quiet Revolution

Charles Lindbergh addressing an America First Committee rally on October 3, 1941.

Ken Burns’ Brilliant ‘The U.S. and the Holocaust’ Has Only One Problem

Skyscrapers in Ramat Gan and Tel Aviv.

Israel May Have Caught the Worst American Disease, New Research Shows

ג'אמיל דקוור

Why the Head of ACLU’s Human Rights Program Has Regrets About Emigrating From Israel

ISRAEL-VOTE

Netanyahu’s Election Win Dealt a Grievous Blow to Judaism