Spyware Investigator Targeted: Former European Lawmaker’s Phone Hacked with Pegasus
In a stark escalation of surveillance controversies, security researchers have confirmed that former Greek Member of the European Parliament (MEP) Stelios Kouloglou had his mobile device compromised by the notorious Pegasus spyware. Crucially, the intrusion occurred while Kouloglou was actively serving on the European Parliament’s PEGA committee—a special body established specifically to investigate the illicit use of surveillance software by European governments. This marks the first public confirmation of a PEGA committee member being targeted by the very technology they were tasked with investigating.
Digital forensics conducted by the digital rights research group Citizen Lab revealed that Kouloglou’s iPhone was breached multiple times between late 2022 and early 2023. The attackers utilized a sophisticated “zero-click” exploit that bypassed Apple’s security protocols by targeting a vulnerability in the device’s smart home software. Because it was a zero-click exploit, the spyware was able to infiltrate the phone and extract sensitive data—including private messages, location data, photos, and ambient audio—without requiring any interaction from Kouloglou. The timing of the hacks aligned with critical phases of the committee’s work, including draft report discussions and key hearings in Brussels.
The revelation has sparked intense outrage among European lawmakers, who have characterized the breach as a direct assault on democratic institutions and the rule of law. Kouloglou expressed deep concern over the violation of his personal and professional privacy, announcing plans to pursue legal action against NSO Group, the Israeli firm behind Pegasus. While NSO Group has faced severe restrictions in jurisdictions like the United States due to human rights concerns, the incident underscores the ongoing challenges democratic nations face in regulating highly invasive commercial surveillance tools.
Key Takeaways
- Former Greek MEP Stelios Kouloglou was targeted with Pegasus spyware while serving on a European Parliament committee investigating spyware abuses.
- The hacks utilized a 'zero-click' exploit targeting an unpatched vulnerability in Apple's smart home software, requiring no user interaction to compromise the device.
- The victim plans to file a lawsuit against NSO Group, the developer of Pegasus, amid growing calls for the European Commission to impose stricter regulations on commercial surveillance.
Editor’s Analysis & Impact
The targeting of an active investigator by the very spyware they are probing represents a brazen challenge to democratic oversight and regulatory frameworks. This incident highlights a critical vulnerability in global cybersecurity governance: the commercial spyware market remains highly lucrative and difficult to police, despite international blacklisting efforts like those enacted by the United States. For tech giants like Apple, the constant arms race against zero-click exploits underscores the necessity of rapid security patching and robust device architecture. Moving forward, this breach is likely to accelerate legislative pressure within the European Union to implement binding, bloc-wide restrictions on the acquisition and deployment of commercial surveillance tools. It also signals to public officials and journalists that standard security practices may no longer suffice against state-sponsored digital espionage.
Frequently Asked Questions
Q: What is Pegasus spyware?
A: Pegasus is a highly sophisticated surveillance software developed by the Israeli cyber-arms firm NSO Group. It can be covertly installed on mobile phones running iOS and Android, allowing operators to extract messages, photos, location data, and even activate the device's microphone and camera without the user's knowledge.
Q: How did the attackers infect the politician's phone?
A: The attackers used a 'zero-click' exploit, which leverages a security vulnerability in Apple's software (specifically related to smart home features). This allowed the spyware to infect the device silently, without requiring the victim to click on any malicious links or download any files.
Q: What are the legal ramifications of this hack?
A: The victim, Stelios Kouloglou, has announced plans to sue NSO Group. Additionally, European lawmakers are citing this incident to demand that the European Commission enforce stricter regulations and limits on the use of commercial spyware across all 27 EU member states.