BRUSSELS — European Parliament members this week rubbished the EU executive’s Democracy Shield plan, an initiative aimed at bolstering the bloc’s defenses against Russian sabotage, election meddling and cyber and disinformation campaigns. The Commission’s plan “feels more like a European neighborhood watch group chat,” Kim van Sparrentak, a Dutch member of the Greens group, told a committee meeting on Monday evening. On Tuesday, EU Justice Commissioner Michael McGrath faced the brunt of that censure before the full Parliament plenary, as centrist and left-leaning lawmakers panned the plan for its weaknesses and far-right members warned that Brussels is rolling out a propaganda machine of its own. “We want to see more reform, more drive and more actions,” Swedish center-right lawmaker Tomas Tobé, who leads the Parliament’s report on the matter, told McGrath. The European Democracy Shield was unveiled Nov. 12 as a response to Russia’s escalating meddling in the bloc. In past months, Europe has been awash in hybrid threats. Security services linked railway disruptions in Poland and the Baltics to Russian-linked saboteurs, while unexplained drone flyovers have crippled public services in Belgium and probed critical infrastructure sites across the Nordics. At the same time, pro-Kremlin influence campaigns have promoted deepfake videos and fabricated scandals and divisive narratives ahead of elections in Moldova, Slovakia and across the EU, often using local intermediaries to mask their origins.   Together these tactics inform a pressure campaign that European security officials say is designed to exhaust institutions, undermine trust and stretch Europe’s defenses.  The Democracy Shield was a key pledge President Ursula von der Leyen made last year. But the actual strategy presented this month lacks teeth and concrete actions, and badly fails to meet the challenge, opponents said. While “full of new ways to exchange information,” the strategy presents “no other truly new or effective proposals to actually take action,” said van Sparrentak, the Dutch Greens lawmaker.  EU RESPONSE A WORK IN PROGRESS Much of the Shield’s text consists of calls to support existing initiatives or proposed new ones to come later down the line.   One of the pillars of the initiative, a Democratic Resilience Center that would pool information on hybrid warfare and interference, was announced by von der Leyen in September but became a major sticking point during the drafting of the Shield before its Nov. 12 unveiling.  The final proposal for the Center lacks teeth, critics said. Instead of an independent agency, as the Parliament had wanted, it will be a forum for exchanging information, two Commission officials told POLITICO.  The Center needs “a clear legal basis” and should be “independent” with “proper funding,” Tobé said Tuesday.   Austrian liberal Helmut Brandstätter said in a comment to POLITICO that “some aspects of the center are already embedded in the EEAS [the EU’s diplomatic service] and other institutions. Instead of duplicating them, we should strive to consolidate and streamline our tools.” EU countries also have to opt into participating in the center, creating a risk that national authorities neglect its work.  RIGHT BLASTS EU ‘CENSORSHIP’  For right-wing and far-right forces, the Shield reflects what they see as EU censorship and meddling by Brussels in European national politics.   “The stated goals of the Democracy Shield look good on paper but we all know that behind these noble goals, what you actually want is to build a political machinery without an electoral mandate,” said Csaba Dömötör, a Hungarian MEP from the far-right Patriots group.   “You cannot appropriate the powers and competence of sovereign countries and create a tool which is going to allow you to have an influence on the decisions of elections” in individual EU countries, said Polish hard-right MEP Beata Szydło.   Those arguments echo some of the criticisms by the United States’ MAGA movement of European social media regulation, which figures like Vice President JD Vance have previously compared to Soviet-era censorship laws.  The Democracy Shield strategy includes attempts to support European media organizations and fact-checking to stem the flood of disinformation around political issues. Romanian right-wing MEP Claudiu-Richard Târziu said her country’s 2024 presidential elections had been cancelled due to “an alleged foreign intervention” that remained unproven.  “This Democracy Shield should not create a mechanism whereby other member states could go through what Romania experienced in 2024 — this is an attack against democracy — and eventually the voters will have zero confidence,” he said.  In a closing statement on Tuesday at the plenary, Commissioner McGrath defended the Democracy Shield from its hard-right critics but did not respond to more specific criticisms of the proposal.  “To those who question the Shield and who say it’s about censorship. What I say to you is that I and my colleagues in the European Commission will be the very first people to defend your right to level robust debate in a public forum,” he said.

Two of the world’s most prolific state-linked cybercrime groups — Russia’s Gamaredon and North Korea’s Lazarus collective — have been spotted sharing resources, new research showed on Thursday. Experts at cybersecurity firm Gen Digital found overlapping tactics and shared infrastructure between the two groups. The discovery is “unprecedented,” said Director of Threat Intelligence at Gen Digital Michal Salat. “I don’t recall two countries working together on [Advanced Persistent Threat] attacks,” he said, referring to attacks that are sophisticated, long-term campaigns often conducted by nation-state actors. If confirmed, it would mark a new level of coordination between Moscow and Pyongyang. The Gamaredon cybercrime group is linked to Russia’s Federal Security Service and has aggressively targeted Ukrainian government networks since the start of the invasion in 2022, mostly for intelligence collection. Lazarus, a well-known North Korean threat group, conducts everything from espionage to financially motivated cybercrime. While tracking Gamaredon’s use of Telegram channels to share the servers controlling its malware, analysts discovered that one of those servers was also being used by Lazarus. One Gamaredon-run server was also found hosting a hidden version of malware linked to Lazarus. The file closely matched Lazarus’ typical tools. Nation-state hacking groups rarely host or distribute one another’s malware. Researchers believe the findings indicate the two groups are likely sharing systems, and could very well be cooperating directly. At a minimum, it shows that one group is deliberately imitating the other. Salat added that Gamaredon may be studying Lazarus’ methods, too. Lazarus is known for using fake job offers to trick victims and for stealing cryptocurrency, a key revenue source for North Korea, which is under heavy global sanctions. Moscow and Pyongyang have increased cooperation, including among their militaries, in previous years. Western security services believe Pyongyang has sent thousands of North Korean soldiers to Russia to support the war in Ukraine. Ukrainian authorities last month said North Korean troops were flying drones across the border, and Ukrainian military intelligence said last week North Korea would send thousands of workers to Russia to manufacture drones.

BERLIN — One of Hungary’s most outspoken critics in Brussels has filed a criminal complaint against Hungarian Prime Minister Viktor Orbán following a failed attempt to hack his email account using spyware in the run-up to the European Parliament elections. German Green MEP Daniel Freund and German NGO the Society for Civil Rights named “Viktor Orbán and unknown” in the complaint, which was seen by POLITICO, and requested that the state prosecutor in the western German city of Krefeld and cyber crime authorities launch an investigation. “There are indications that the Hungarian secret service is behind the attack,” Freund and the NGO said in a joint statement on Wednesday. The complaint gives details about an email that someone claiming to be a Ukrainian student sent to Freund’s parliamentary email address at the end of May 2024. The message asked the MEP to write a short message in which he would share his “beliefs concerning the accession of Ukraine to the European Union,” as well as a link. Freund did not click on the link. The complaint said that Parliament warned Freund that the link contained spyware likely made by the Israeli company Candiru, which was blacklisted by the U.S. government in 2021 for human rights violations. “According to the EU Parliament’s IT experts, the Hungarian government could be behind the eavesdropping on me,” Freund said in a statement. “This comes as no surprise: Orbán despises democracy and the rule of law. If the suspicion is confirmed, it would be an outrageous attack on the European Parliament.” Freund and the NGO asked prosecutors to open an investigation to clarify “the facts of the case” through investigative measures including the questioning of witnesses and conducting an independent forensic analysis. The Hungarian government had not responded to a request for comment at the time of publication. If a device is infected with spyware, attackers can access all stored data and communications. They can also activate the camera and microphone to listen in on conversations. Freund has been one of the key players to have successfully advocated for EU funds for Hungary to be frozen. He also led a push to suspend Hungary’s presidency of the Council of the EU last year.

PARIS — The Paris public prosecutor has opened an investigation into Apple regarding the collection of recordings by its voice assistant Siri, the prosecutor’s office told POLITICO. The investigation, led by the country’s cybercrime agency OFAC, follows a complaint in February by the French NGO Ligue des droits de l’Homme, based on the testimony of a whistleblower and former employee of an Apple subcontractor Thomas Le Bonniec. As an employee of Globe Technical Services in Ireland in 2019, Le Bonniec analyzed recordings made by Siri to improve the quality of the voice assistant’s responses. That involved listening to thousands of user recordings, which Le Bonniec said could reveal intimate moments and confidential information, and could be used to identify users. The probe should enable “urgent questions to be answered,” Le Bonniec told POLITICO. Among them, “how many recordings in total have been made by Apple since 2014? How many people are affected? Where is this data stored?” he said. An Apple representative in France told POLITICO, “Apple has never used Siri data to create marketing profiles, has never made it available for advertising and has never sold it to anyone for any reason whatsoever.” Le Bonniec brought the case to the French prosecutor after unsuccessfully appealing to data protection authorities. That included France’s CNIL and its Irish counterpart, the Data Protection Commission (DPC), the responsible authority for American tech giants under EU privacy law. The DPC closed a case in 2022 without opening an investigation. The February complaint also paved the way for an ongoing class action in France. That was inspired by a class action in the United States, which saw Apple accused of recording private conversations without consumers’ knowledge. Apple agreed in December 2024 to settle the case for $95 million. The company denied any wrongdoing. In a blog post in January, Apple said it would not keep “audio recordings of interactions with Siri, unless the user explicitly agrees.”

Moldova’s deputy prime minister has blamed Russia for a cyberattack targeting the country’s electoral commission this week, just days before a crucial parliamentary election. Doina Nistor, the country’s deputy prime minister and digital minister, told POLITICO in an interview on Thursday that the country’s Central Electoral Commission has now been secured. “This was a vulnerability that was identified and is now fixed,” she said. The cyberattack is part of a wider hybrid campaign by Russia against Moldova that was planned “months in advance” and seeks “to destabilize our democracy,” Nistor said on a visit to Brussels. Moldovans will go to the polls on Sunday in an election mired in meddling attempts that Western security officials and cyber intelligence firms say originate in Russia. Moldovan President Maia Sandu told the European Parliament on Monday that Russia is spending “hundreds of millions of euros” to subvert the election. In one of the most recent attacks, hackers hijacked Wi-Fi routers to attempt to overload the servers of Moldova’s Central Electoral Commission, the country’s police chief Viorel Cernăuțeanu told local media on Wednesday, in what is known as a distributed denial-of-service attack. Like Ukraine, Moldova is a “laboratory” for confronting “some of the most advanced hybrid threats of our times,” Nistor said. “This makes us a natural test bed for Europe, a place where we can test new tools [and] new policies.”  According to Stanislav Secrieru, national security adviser to Sandu, “The scale of Russian interference today far exceeds what we saw in 2024.” “We’re seeing unprecedented efforts: more money to buy votes, more AI-driven disinformation amplified by troll networks, and more resources dedicated to orchestrating street violence. Russia is pulling out all the stops to tip this election,” he told POLITICO. Support for Moldova from the United States has waned, in part when it dismantled its development agency USAID earlier this year, putting more of the burden on Europe.  The European Commission has rushed to deploy a cyber reserve — a team of private-sector cybersecurity experts — to Moldova. It’s the first deployment of the reserve since it was created under the EU’s new Cyber Solidarity Act.  Access to the reserve is a “huge milestone,” Nistor said, adding that support from Europe on cyber “is first and foremost the most important one.” However, the U.S. is still offering some support via its embassy, she said.  Moldova is also working directly with countries including Romania, Sweden, Estonia and the United Kingdom to get structural help in the future, she said.  Gabriel Gavin contributed to this report.

French prosecutors said Friday that foreign interference is behind a wave of apparently provocative acts — from stunts targeting Muslims to antisemitic graffiti — that have struck Paris in the last two years. Pig heads were found outside nine mosques on Tuesday, shocking the Paris region. “Several of the pig heads had the inscription ‘MACRON’ written in blue ink,” the prosecutor’s office said earlier this week. Prosecutors have not yet publicly named a state actor as being responsible for the various incidents, but the cases echo tactics previously attributed to Russian networks seeking to exploit social fractures in Europe. Foreign interference is “something we must take into account, and that we do take into account, since in making an assessment of this type of acts that have taken place in the Paris area since October 2023, we have nine cases,” Paris prosecutor Laure Beccuau told BFMTV on Friday. “It started with the blue Stars of David,” Beccuau said, referring to an incident that saw the symbols daubed on building walls in the French capitals’s 14th district in October 2023 — and was later linked to pro-Russian interference. “Then came the ‘red hands,’ then splashes of green paint,” she said about attacks that targeted the Paris Holocaust memorial in 2024 and 2025. Earlier this month, pro-Russian posters were discovered on several pillars of the Arc de Triomphe, showing the image of a soldier with the caption, “Say thank you to the victorious Soviet soldier.” Beccuau said investigators have identified similar patterns in the modus operandi of individuals of Eastern European origin arriving for a short period of time in France to carry out these acts. “Sometimes they take photos of what they have done, and send the photos beyond the borders to sponsors,” she said. “Some of the sponsors have been identified … so we are fully able to be convinced that these acts are operations of interference.” Since Russia’s full-scale invasion of Ukraine began in February 2022, French authorities have accused Moscow of spreading disinformation and orchestrating symbolic provocations designed to sow mistrust in institutions and deepen religious or political tensions. Clea Caulcutt contributed to this report.

Prosecutors in Italy opened an investigation on Wednesday into a pornographic website that reportedly included images of female MPs and journalists, including Prime Minister Giorgia Meloni. The Italian leader said she was “disgusted” after learning that doctored images of her and other women appeared on the adult content platform, and called for those responsible to be punished “with the utmost firmness.” The site had more than 700,000 subscribers before it was closed last week. The photos were taken without consent from social media accounts, public sources and OnlyFans accounts, then doctored to emphasize intimate body parts or portray the women in sexual poses. Posts elicited often sexist and sexually explicit comments from male users. One victim told the news website Fanpage the site demanded up to €1,000 a month from victims to take down the pictures. Florence prosecutors opened the investigation after several center-left politicians complained to the police department tackling cybercrime. Hundreds of women have now filed reports. Under prosecutors’ plans, the probe will become part of a massive investigation into revenge porn sites, including a Facebook group called “Mia Moglie,” which saw men sharing intimate images of their own wives and partners online. It was deleted by Meta last week for “for violating our Adult Sexual Exploitation policies.” “I am disgusted by what has happened,” Meloni told Corriere della Sera last week. “I want to extend my solidarity and support to all the women who have been offended, insulted and violated.” She added: “It is disheartening to note that in 2025, there are still those who consider it normal and legitimate to trample on a woman’s dignity and target her with sexist and vulgar insults, hiding behind anonymity or a keyboard.” Senator Mara Carfagna, leader of the center-right We Moderates party, whose pictures also appeared on the website, said it was “horrifying” and has proposed legislation requiring platforms to register the real identity of users and strengthen the copyright of images. Italy introduced the crime of revenge porn — the sharing of sexually explicit images or videos, which were intended to remain private — back in 2019.

Russian basketball player Daniil Kasatkin was arrested in France on a hacking charge at the request of the United States. U.S. authorities believe Kasatkin negotiated payoffs for a ransomware ring that hacked around 900 companies and two federal government entities in the U.S., demanding money to end their attacks, according to a report from AFP. Kasatkin, who was arrested on June 21, denies the allegations. His lawyer, Frédéric Bélot, told POLITICO that Kasatkin is a “collateral victim of that crime” because he bought a second-hand computer with malware.  “He’s not a computer guy,” Bélot said. “He didn’t notice any strange behavior on the computer because he doesn’t know how computers work.” A French court denied Kasatkin bail on Wednesday, and he remains in jail awaiting formal extradition notification from U.S. authorities, according to Bélot. Kasatkin had traveled to France to visit Paris with his fiancée and was detained shortly after arriving at the airport. He played collegiate basketball briefly at Penn State, then four seasons for the Moscow-based MBA-MAI team. Bélot said Kasatkin’s physical condition has deteriorated in jail, which he argued is harming his athletic career. Joshua Berlinger contributed to this report. 

The International Criminal Court (ICC) said it was hit by a “sophisticated and targeted” cyberattack as NATO leaders gathered in The Hague for a summit last week. The ICC, which is based in The Hague, said it detected the incident “late last week” and had contained the threat. “A Court-wide impact analysis is being carried out, and steps are already being taken to mitigate any effects of the incident,” the court said in a statement on Monday. The Hague was the scene of the NATO Summit early last week. Dutch cybersecurity authorities reported a series of cyberattacks known as distributed denial-of-service (DDoS) attacks against local governments and other institutions in the run-up and during the summit. Those attacks, limited in impact, were claimed by known pro-Russian hacktivist groups online. A power outage also caused massive disruption to train traffic in the country last Tuesday. Dutch authorities said they were investigating the incident and the country’s justice minister said he couldn’t rule out sabotage as a possible cause. The ICC in 2023 also reported a hack of its computer systems it believed was an attempt to spy on the institution. The global tribunal has recently come under scrutiny after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense minister, Yoav Gallant, over Israel’s military campaign in Gaza. The U.S. Trump administration has slapped sanctions on the court’s Chief Prosecutor Karim Khan in response to the arrest warrants. Khan also lost access to his email provided by Microsoft in May, in an incident that has galvanized a political push in Europe to wean off American technology for critical communications.