Up Headlines

Startup News

EU Lawmaker Probing Pegasus Spyware Was Hacked, Researchers Say

3 min read
EU Lawmaker Probing Pegasus Spyware Was Hacked, Researchers Say

A former member of the European Parliament who helped investigate the misuse of Pegasus spyware was himself targeted by the same surveillance technology, according to new findings from cybersecurity researchers. The revelation has renewed concerns about governments using sophisticated spyware to monitor journalists, politicians, and critics instead of focusing on serious criminal threats.

Researchers at the University of Toronto’s digital rights organization, Citizen Lab, confirmed that Greek journalist and former European lawmaker Stelios Kouloglou had his iPhone compromised with Pegasus spyware during 2022 and 2023.

According to the report, Kouloglou is the first publicly identified member of the European Parliament’s PEGA committee—a special committee established to investigate spyware abuses across Europe—to have been infected while serving on the panel.

The discovery has raised fresh questions about the use of commercial spyware within Europe and whether surveillance tools intended for law enforcement are instead being deployed against public officials involved in oversight and accountability.

Citizen Lab said it could not identify which government was responsible for the attack. However, researchers found that the Pegasus operator used the same malicious email address seen in an earlier spyware campaign targeting journalists across several European countries. The reuse of that infrastructure suggests the operator had authorization from Israeli spyware developer NSO Group to carry out surveillance operations across multiple European nations.

Neither the European Commission nor NSO Group responded to requests for comment before the report was published.

According to Citizen Lab, Kouloglou’s iPhone was first hacked in October 2022 and then compromised again on March 6 and March 7, 2023. The attacks relied on a previously unknown zero-click exploit, allowing Pegasus to infiltrate the device without requiring the victim to click a link or interact with a malicious message.

The exploit targeted a vulnerability in Apple’s smart home software. Although Apple later released a security patch, Kouloglou’s device had not yet installed the update when the attacks occurred.

Once installed, Pegasus could reportedly access highly sensitive information stored on the phone, including text messages, private communications, location data, photographs, and other personal files.

Researchers noted that the first attack coincided with critical discussions surrounding the PEGA committee’s draft report, which examined alleged spyware abuses in Cyprus, Greece, Hungary, Poland, and Spain.

Citizen Lab also pointed out that Kouloglou was recovering in a hospital during the October 2022 infection following scheduled surgery. Investigators believe the spyware could have allowed operators to capture nearby conversations or other sensitive discussions during that period.

The second wave of attacks occurred while Kouloglou was traveling from Athens to Brussels to attend committee hearings, only months before the committee finalized its report on spyware misuse.

Speaking about the incident, Kouloglou described the hacking as both shocking and deeply personal. Beyond official communications, he said the attackers potentially gained access to private memories, conversations, and personal moments stored on his device.

Kouloglou believes he was targeted because of his work investigating Pegasus spyware and said he plans to file a lawsuit against NSO Group.

The company has faced years of criticism over allegations that its surveillance software has been used to target journalists, politicians, activists, and government critics worldwide. Although NSO Group maintains that Pegasus is intended for combating terrorism and serious crime, its technology has repeatedly been linked to controversial surveillance operations.

The spyware maker also remains largely restricted in the United States following an executive order issued during the Biden administration that prohibited U.S. government agencies from using commercial spyware that could contribute to human rights abuses.

Kouloglou said he decided to publicly reveal his experience to support democratic values and greater accountability.

He emphasized that exposing surveillance abuses is essential in protecting democracy, defending human rights, and strengthening efforts to combat corruption.

Also read : Melinda Gates-Backed Magnify Ventures Raises $46.6M AI Fund

Copyright © Up Headlines. All rights reserved. | Supported by eOffice4U.