Forensic analysis by Citizen Lab confirmed that Stelios Kouloglou, a member of the EU's PEGA Committee, was twice infected with NSO Group's Pegasus spyware. The campaign used advanced mobile exploitation to compromise the device of a legislator specifically tasked with investigating commercial surveillance abuses. This breach resulted in the potential exfiltration of sensitive European Parliament communications and internal PEGA Committee investigative strategies. The attack demonstrates a targeted retaliatory pattern in which commercial spyware is deployed by government customers to monitor and intimidate democratic oversight bodies, compromising the integrity of legislative deliberations and diplomatic security.
Incident Overview: Target and Context
- Targeting of Stelios Kouloglou, a Greek politician and member of the European Parliament's PEGA Committee.
- Identification of repeated infection cycles on a single mobile device through forensic imaging.
- Contextualized as retaliatory espionage intended to neutralize or monitor investigators of the commercial spyware industry.
Technical Execution: NSO Group Pegasus
- Deployment of Pegasus, a sophisticated commercial spyware suite capable of full device compromise.
- Use of advanced delivery vectors to achieve persistence and unauthorized access to encrypted communications.
- Evidence of multiple re-infections, suggesting a persistent effort to maintain access despite potential remediation or device resets.
Strategic Impact: Intelligence Leakage
- Potential compromise of high-level political communications within the European Parliament.
- Exposure of internal PEGA Committee strategies and sensitive deliberations regarding surveillance legislation.
- Systemic erosion of trust in the confidentiality and security of EU legislative and diplomatic channels.
Threat Actor Profile: Motivation and Scale
- Attribution points to an NSO Group customer, typically a state-level intelligence or law enforcement agency.
- Shift in motive from traditional intelligence gathering to the active intimidation of regulatory oversight bodies.
- Demonstrates the ability of state actors to leverage commercial tools to bypass democratic safeguards.
Defensive Implications: Conclusion
- Highlights the critical necessity for hardened, audited, or air-gapped communications for members of oversight committees.
- Validates the essential role of independent forensic researchers in detecting state-sponsored, zero-click surveillance.
- Underscores the urgent need for EU-wide policy frameworks to prohibit the use of commercial spyware against democratic officials.
Related posts
- The Record by Recorded Future — Spyware found on phone of European Parliament member probing it
- cyberscoop.com — Someone infected a spyware probe overseer with spyware
- techcrunch.com — Politician who investigated spyware abuses had his phone hacked with Pegasus spyware
- gbhackers.com — Pegasus Spyware Hacked European Parliament Member Investigating Spyware Abuse
- NewsBytes — European politician probing spyware abuses hacked with Pegasus
- Security Affairs — Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds
- feeds.feedburner.com — European Parliament Member Investigating Spyware Was Hacked With Pegasus