EU Lawmaker Investigating Pegasus Spyware Targeted by Same Invasive Tool
IR SUMMARY — KEY POINTS
- A former member of the European Parliament had his personal smartphone compromised by Pegasus spyware on at least three separate occasions between 2022 and 2023.
- The targeted individual, Stelios Kouloglou, was actively serving on a parliamentary committee specifically tasked with investigating the illicit use of surveillance technology across member states.
- Researchers at Citizen Lab performed a forensic analysis on the device, confirming the breaches occurred while the politician was traveling in Athens and Brussels.
- The NSO Group, the Israeli company behind the development of Pegasus, has faced sustained international criticism and legal action for the misuse of its software.
- This revelation has sparked urgent calls for enhanced cybersecurity protocols for European officials to protect sensitive legislative proceedings from covert surveillance by external actors.
A startling forensic investigation has confirmed that a former member of the European Parliament was subjected to repeated cyberattacks using Pegasus spyware while actively working on an official committee tasked with probing the very same technology. The findings, released by the Toronto-based watchdog Citizen Lab, indicate that the mobile device belonging to Greek journalist and politician Stelios Kouloglou was compromised multiple times between October 2022 and March 2023. These breaches occurred precisely as the lawmaker was engaged in legislative efforts to expose the illegal deployment of advanced surveillance tools across the European Union.
Surveillance Targeting Democratic Representatives
The audacity of these digital intrusions against a serving lawmaker has sent shockwaves through European political circles, raising fundamental questions about the security of democratic institutions. As a member of the PEGA Committee, which was established specifically to investigate the misuse of spyware by state entities, the targeted individual held sensitive information regarding the illicit surveillance of journalists and political figures. Experts are now warning that the hacking incident may have exposed confidential communications and sensitive parliamentary proceedings to unknown actors, potentially jeopardizing the integrity of the committee’s investigative mandate.
Developed by the Israel-based NSO Group, the Pegasus software is designed to provide full remote access to a target's smartphone, effectively turning the device into a comprehensive surveillance tool. While the manufacturer maintains that its product is strictly licensed to government agencies for the narrow purpose of combating terrorism and serious criminal activity, the tool has been linked to numerous cases of political espionage. The targeting of an EU representative suggests that the technology is being wielded against those who represent the greatest threat to its unchecked use by clandestine government departments.
The phone of Stelios Kouloglou was infected with Pegasus spyware at least three times during his tenure on the European Parliament's PEGA committee.
Security Failures in Parliamentary Procedures
The investigation conducted by Citizen Lab highlights a critical vulnerability in global digital security, as the incursions likely leveraged unknown software flaws to gain entry. Although the forensic report did not explicitly attribute the hacks to a specific state government, the sophistication required for such an operation points toward well-resourced entities capable of bypassing standard protective measures. This incident underscores the significant risks faced by public officials who operate within environments where commercial-grade spyware can be purchased and deployed by any entity with sufficient financial resources and the right connections.
Kouloglou himself expressed profound astonishment at the discovery, noting that he had not anticipated the level of recklessness involved in targeting a member of an active parliamentary probe. The incident serves as a stark reminder of the limitations of existing cybersecurity frameworks, even for those working at the highest levels of the European Union. Despite receiving late notifications from Apple regarding suspicious login attempts months after the fact, the lawmaker was left unaware of the extent to which his personal privacy had been systematically violated for an extended period.
Global Pressure on Spyware Developers
The European Parliament has responded by emphasizing that it maintains robust internal monitoring systems to detect and mitigate potential cyber threats against its staff and legislative members. Officials noted that specialized screening tools have been available to lawmakers since 2022 to assist in detecting sophisticated intrusions of this nature. However, the success of the attacks against a high-profile target suggests that these defensive measures may still be lagging behind the rapid evolution of private surveillance technologies that prioritize total invisibility and stealth.
NSO Group continues to face global scrutiny as its spyware is repeatedly linked to the surveillance of journalists, politicians, and human rights activists.
Legal and reputational fallout for the NSO Group continues to mount as international bodies and major tech firms take increasingly aggressive stands against the company. Beyond the scrutiny from the European Parliament, the firm has been placed on a United States trade blacklist and has become the subject of high-profile litigation initiated by Meta Platforms over the unauthorized exploitation of encrypted messaging services. These ongoing legal battles reflect a broader movement toward stricter global oversight of the commercial surveillance industry and a demand for greater transparency regarding the end-users of such powerful technology.
Stricter Oversight of Surveillance Technology
Future legislative efforts in the European Union are expected to focus on closing the regulatory gaps that have allowed for the unchecked proliferation of mercenary spyware. Lawmakers are now advocating for the mandatory implementation of advanced detection software across all devices utilized for official parliamentary business to prevent similar breaches in the future. As the debate over digital privacy and government accountability intensifies, this incident will likely serve as a pivotal moment in the struggle to protect the sanctity of democratic processes from the encroaching threat of unaccountable state-sponsored surveillance operations.
KEY TAKEAWAYS
Citizen Lab identified the hacking incidents as a serious threat to the integrity of democratic processes and the confidentiality of legislative investigative work.
Meta Platforms recently secured significant legal victories against NSO Group for the unlawful exploitation of vulnerabilities within the WhatsApp communication platform.
