According to DG ITEC’s report, the so-called spear-phishing attack on Neumann was an attempt to infect the laptop and collect credentials, “with the likely intent of exfiltrating sensitive information or executing further espionage actions.”
The specific fraudulent identity that was used to establish contact with Neumann’s office was that of Matthew Levitt, a former United States FBI and government official who had had several exchanges with Neumann before.
The fake Levitt email asked for the German lawmaker to speak at a conference as part of his role at the Washington Institute for Near East Policy. It attached a link to download an alleged “highly confidential and thus encrypted” note.
As chair of the Parliament delegation for relations with Iran, Neumann regularly engages with trade unions, civil society organizations, human rights lawyers and activists fighting for democracy in the country. Neumann previously sat on the Parliament’s special inquiry committee into the use of Pegasus and other spyware in Europe.
“I work on spyware. I work with a lot of diaspora communities. So on a theoretical level I am always ready for something like this to happen. I check my phone regularly,” she said.
The attacks were “another way to further intimidate me and show me how powerful they are,” she said. “It was clearly a message coming from the [Iranian] Revolutionary Guards to make me shut up, which they have tried in different ways before. The right answer is to speak up … I have a duty to speak up,” she said.
Parliament spokesperson Delphine Colard said in a statement that the chamber’s services “constantly monitor cybersecurity threats as well as potential cyberattacks against its working environment and quickly deploy the necessary measures to prevent them or support the users. Due the sensitive nature of the activity, we do not provide further comment on [European Parliament] security or cybersecurity matters.”