Former European Parliament member was targeted with Pegasus spyware during EU investigation

Marium Saqib
4 Min Read
Pegasus spyware

Summary

  • A forensic investigation by cybersecurity researchers has revealed that former European Parliament member Stelios Kouloglou was repeatedly targeted with Pegasus spyware while serving on a committee investigating the misuse of surveillance technology across the European Union.
  • The committee was established to examine the growing use of commercial spyware by governments and other groups, particularly in cases involving alleged violations of privacy, civil rights and democratic freedoms within the European Union.
  • At the time, members were holding detailed discussions and preparing the committee’s final report on the use of spyware within the European Union.
AI Generated Summary

A forensic investigation by cybersecurity researchers has revealed that former European Parliament member Stelios Kouloglou was repeatedly targeted with Pegasus spyware while serving on a committee investigating the misuse of surveillance technology across the European Union.

The findings were published by Citizen Lab, a research group known for exposing spyware operations around the world. According to its report, Kouloglou’s mobile phone was infected several times, potentially allowing attackers to gain access to private messages, confidential documents and discussions linked to the parliamentary investigation.

Kouloglou served on the European Parliament’s PEGA Committee between March 2022 and July 2023. The committee was established to examine the growing use of commercial spyware by governments and other groups, particularly in cases involving alleged violations of privacy, civil rights and democratic freedoms within the European Union.

Researchers said this is the first publicly confirmed case of a PEGA Committee member becoming a victim of the same surveillance technology the committee was investigating. The discovery has raised fresh concerns about the reach of commercial spyware and its possible impact on democratic institutions.

Citizen Lab’s forensic analysis found that Kouloglou’s iPhone was first compromised around October 21, 2022. Additional infections were detected on March 6 and March 7, 2023. The attacks reportedly used a highly sophisticated method known as a zero click exploit, allowing the spyware to install itself without requiring the phone owner to open a message or click on a malicious link.

The exploit targeted Apple’s smart home software through a vulnerability known among cybersecurity experts as PWNYOURHOME. Because the phone was running an older version of Apple’s operating system, the spyware was able to infect the device without the user’s knowledge.

Researchers said the timing of the attacks is particularly significant. The first infection took place while Kouloglou was in hospital, where he received a visit from Greek investigative journalist Thanasis Koukakis. Koukakis had previously been identified as a target of commercial spyware, making the timing of the incident especially notable.

The second series of attacks occurred during an important stage of the PEGA Committee’s work. At the time, members were holding detailed discussions and preparing the committee’s final report on the use of spyware within the European Union. Investigators believe anyone controlling the spyware could have gained access to information related to those discussions.

Although cybersecurity experts have not identified who was responsible for the attacks, the report found technical similarities with an earlier spyware campaign targeting Russian and Belarusian journalists living in Europe. Both operations reportedly used the same operator email address during the deployment of Pegasus, suggesting they may have been carried out by the same customer using the software.

Despite these similarities, researchers stressed that there is no conclusive evidence linking the attacks to the Greek government or any other specific state. The identity of those behind the surveillance remains unknown.

The case has renewed debate over the growing use of commercial spyware around the world. Technologies such as Pegasus were originally promoted as tools to help governments combat terrorism and serious organised crime. However, human rights groups and cybersecurity experts have repeatedly warned that such software has increasingly been used against journalists, political opponents, lawyers and activists instead of legitimate security threats.

The latest findings have added to concerns about digital surveillance within democratic institutions, highlighting the risks faced even by lawmakers investigating the misuse of advanced spying technology. The case is likely to increase calls for stronger oversight and tighter regulations on the sale and use of commercial spyware across Europe.

We welcome your contributions! Submit your blogs, opinion pieces, press releases, news story pitches, and news features to opinion@minutemirror.com.pk and minutemirrormail@gmail.com
Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *