EU lawmaker who investigated spyware misuse was reportedly targeted with Pegasus, according to researchers

A former EU lawmaker who looked into spyware misuse was covertly targeted with Pegasus spyware, as reported by researchers at Citizen Lab.

A former member of the European Parliament, who contributed to the investigation of surveillance technology misuse throughout the European Union, was reportedly targeted with Pegasus spyware, as revealed by researchers at Canada’s Citizen Lab on Friday.

Citizen Lab reported that Stelios Kouloglou, a Greek journalist and former EU lawmaker, had his mobile phone compromised at least three times between October 2022 and March 2023 through the use of Pegasus, a sophisticated spyware created by Israel’s NSO Group.

During the period of the purported cyberattacks, Kouloglou was a member of the European Parliament’s PEGA Committee, which was formed in 2022 to examine the illegal use of spyware throughout European Union member states. The committee reviewed the use of Pegasus and comparable surveillance tools, determining that multiple governments had probably employed these technologies in both lawful and unlawful manners.

Reacting to the findings, Kouloglou expressed his astonishment that a member of the committee investigating spyware abuse had become a target.

“I was surprised to learn that a PEGA member would be monitored by Pegasus,” he told Reuters. “I did not anticipate that they would act with such recklessness.”

NSO Group has not yet provided a response to the requests for comment regarding the allegations.

In a statement to Reuters, the European Parliament refrained from commenting directly on Kouloglou’s case but noted that its cybersecurity teams are consistently monitoring threats aimed at the institution. It was noted that spyware detection tools have been accessible to all lawmakers since 2022, and a report adopted last month recommended that these protections be extended to every device utilized for parliamentary work.

The European Commission, which serves as the EU’s executive arm, has not yet provided a response to requests for comment.

NSO Group has consistently asserted that Pegasus is solely licensed to government agencies for the purpose of combating serious crime and ensuring national security. Nevertheless, the company has consistently encountered accusations that its technology has been employed to surveil journalists, political adversaries, human rights advocates, and other individuals within civil society globally.

The company was added to a US government blacklist in 2021 due to concerns regarding human rights and national security. Last year, Meta Platforms, the parent company of WhatsApp, obtained a damages award against NSO after alleging that the firm unlawfully exploited its messaging platform. Recently, Meta pursued a contempt order, claiming that the company breached a court injunction.

Citizen Lab stated that it suspects Kouloglou’s phone was compromised via an Apple software vulnerability that was not known at the time of the attacks. The researchers noted that Apple subsequently informed the former lawmaker in both 2023 and 2024 that he had been the target of state-sponsored hacking attempts.

While Citizen Lab did not pinpoint the entity behind the deployment of Pegasus against Kouloglou, it noted that aspects of the hacking campaign bore similarities to previous operations aimed at Russian- and Belarusian-speaking journalists and activists in exile.

Apple stated that the software flaw mentioned in the report has been addressed and emphasized that it regularly informs users who it suspects may have been targeted by advanced state-sponsored attackers.

Former EU lawmaker Sophie in ’t Veld, who was instrumental in the formation of the PEGA Committee, stated that the incident highlighted the increasing danger presented by commercial spyware and the absence of accountability regarding its application.

She cautioned, “We’re in a situation where anyone could observe anyone.” They are surveilling citizens, journalists, NGOs, lawyers, and politicians, and no one is aware of who is responsible for it.

Add a Comment

Your email address will not be published.