CyberSecurity SEE

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

A recently unveiled forensic investigation has shed light on a serious breach of privacy involving Pegasus spyware, which was utilized to hack a sitting Member of the European Parliament (MEP) who was actively probing spyware abuses within the European Union. This incident raises staggering concerns about surveillance targeting democratic institutions, placing the spotlight on the vulnerabilities present even at the highest levels of governance.

In a detailed report published by Citizen Lab on July 3, 2026, it was revealed that former Greek MEP Stelios Kouloglou was subjected to multiple infections of NSO Group’s notorious Pegasus spyware during his tenure on the European Parliament’s Committee of Inquiry—dubbed the PEGA Committee—focused on exploring the implications of Pegasus and similar surveillance technologies. The implications of these findings are profound; they indicate that the compromise took place during crucial phases of the committee’s work, potentially putting confidential meetings and sensitive discussions at risk.

Forensic analysis of Kouloglou’s iPhone tracked two notable infections of the Pegasus spyware—one on October 21, 2022, and another on March 6–7, 2023. Investigators linked the initial hack to a “PWNYOURHOME” zero-click exploit chain, which exploited the inadequacies in Apple’s HomeKit and iMessage infrastructures. This exploit allowed attackers to infiltrate Kouloglou’s device without requiring any user interaction, underlining the advanced capabilities of modern mercenary spyware.

Logs from the forensic analysis indicated an unusual HomeKit lookup associated with the email address rauharepo888[@]gmail.com. This activity was swiftly followed by signs of Pegasus activity over mobile data, clearly suggesting that the device faced a silent and userless compromise. At the time of the first infection, Kouloglou’s device was operating on iOS 15.5. The sophistication demonstrated in this attack points toward a significant breach in cybersecurity, raising alarms over the mechanisms employed by such spyware.

The timeline of the attacks aligned suspiciously with pivotal PEGA Committee activities, such as hearings aimed at regulating spyware and the internal drafting of investigative reports. The timing of the first compromise—mere days before significant hearings and during crucial preparatory activities—is particularly noteworthy. It implies that attackers might have been vying for access to internal communications, documents, and strategic discussions, revealing the lengths to which adversaries might go to undermine legislative processes.

The second known infection, which occurred in March 2023, coincided with intense deliberations regarding the committee’s report and Kouloglou’s presence in Brussels, instilling fears that adversaries could have had access to monitor legislative steps in real-time. These serious implications not only jeopardize the integrity of ongoing democratic processes but also reveal a broader systemic risk introduced by unregulated commercial surveillance technologies.

In addition to the forensic findings, Kouloglou reportedly received multiple Apple threat notifications between 2023 and 2024 warning him of mercenary spyware activity. Alarmingly, these alerts seem to have gone unnoticed by Kouloglou, emphasizing the usability challenges inherent in current threat notification systems.

While Citizen Lab expresses high confidence in attributing these attacks to the Pegasus spyware, the specifics regarding the source remain unclear. Investigators found no connections linking the attacks to the Greek government; however, overlapping infrastructures indicative of the same email identifier suggested that a Pegasus operator with past targeting of Russian and Belarusian journalists and activists may have been responsible. This raises serious questions about the authorizations and operational scope of the spyware’s usage across different EU jurisdictions.

This case represents the first confirmed instance where a PEGA Committee member fell victim to such surveillance while actively engaged in inquiry against spyware abuses. Although previous cases have shown that other MEPs were targeted using Pegasus and similar tools, the latest findings illuminate an alarming trend that not only impacts activists and journalists but now encapsulates lawmakers themselves.

Security experts caution that the incident demonstrates a systemic risk to democratic oversight mechanisms posed by commercial surveillance technologies that operate with little accountability. In response, Citizen Lab has called for urgent action—including comprehensive forensic screenings of devices used by MEPs and staff, augmented cybersecurity protections such as mobile lockdown modes, and formal investigations by EU institutions. Furthermore, they argue for enhanced threat detection systems and coordinated defensive actions across European governmental bodies.

The revelation of this infiltration raises pressing questions about the future integrity of European democracy, suggesting that mercenary spyware poses a growing threat not just to journalists and activists, but indeed to lawmakers representing the highest legislative bodies. As the situation continues to evolve, there is an urgent need for regulatory frameworks and protective measures to safeguard against these intrusive surveillance practices, ensuring that democracy remains resilient in the face of emerging technological threats.

Source link

Exit mobile version