
Forensic analysis by Citizen Lab confirmed that Stelios Kouloglou, a member of the EU's PEGA Committee, was twice infected with NSO Group's Pegasus spyware. The campaign used advanced mobile exploitation to compromise the device of an official specifically tasked with investigating commercial surveillance abuses. The breach potentially exposed sensitive European Parliament communications and internal PEGA Committee investigative strategies to exfiltration. The attack demonstrates a targeted retaliatory pattern in which government customers deploy commercial spyware to monitor and intimidate democratic oversight bodies, compromising the integrity of legislative deliberations and diplomatic security.

  • Incident Overview: Target and Context

    • Targeting of Stelios Kouloglou, a Greek politician and member of the European Parliament's PEGA Committee.
    • Identification of repeated infection cycles on a single mobile device through forensic imaging.
    • Contextualized as retaliatory espionage intended to neutralize or monitor investigators of the commercial spyware industry.
  • Technical Execution: NSO Group Pegasus

    • Deployment of Pegasus, a sophisticated commercial spyware suite capable of full device compromise.
    • Use of advanced delivery vectors to achieve persistence and unauthorized access to encrypted communications.
    • Evidence of multiple re-infections, suggesting a persistent effort to maintain access despite potential remediation or device resets.
  • Strategic Impact: Intelligence Leakage

    • Potential compromise of high-level political communications within the European Parliament.
    • Exposure of internal PEGA Committee strategies and sensitive deliberations regarding surveillance legislation.
    • Systemic erosion of trust in the confidentiality and security of EU legislative and diplomatic channels.
  • Threat Actor Profile: Motivation and Scale

    • Attribution points to an NSO Group customer, typically a state-level intelligence or law enforcement agency.
    • Shift in motive from traditional intelligence gathering to the active intimidation of regulatory oversight bodies.
    • Demonstrates the ability of state actors to leverage commercial tools to bypass democratic safeguards.
  • Defensive Implications: Conclusion

    • Highlights the critical necessity for hardened, audited, or air-gapped communications for members of oversight committees.
    • Validates the essential role of independent forensic researchers in detecting state-sponsored, zero-click surveillance.
    • Underscores the urgent need for EU-wide policy frameworks to prohibit the use of commercial spyware against democratic officials.
