A former member of the European Parliament who helped investigate the abuse of commercial spyware was himself repeatedly targeted with Pegasus, according to a new report from cybersecurity researchers at Citizen Lab. The case has renewed concerns about the use of surveillance tools against politicians, journalists, and civil society.

 

 

Citizen Lab found that the iPhone of Stelios Kouloglou, a Greek journalist and former Member of the European Parliament, was infected with Pegasus at least three times between October 2022 and March 2023. During that period, Kouloglou served on the Parliament’s PEGA Committee, which was established to investigate the use and misuse of spyware such as Pegasus across the European Union.

The researchers said the attacks coincided with key moments in the committee’s work, raising concerns that the operator may have sought access to confidential parliamentary discussions or information related to the investigation. However, Citizen Lab said it could not conclusively identify the government or customer responsible for deploying the spyware.

“I was not expecting that a PEGA member would be spied on by Pegasus,” Kouloglou told Reuters, describing the attack as both shocking and reckless given his role in examining unlawful surveillance practices.

Pegasus, developed by Israeli cyber intelligence company NSO Group, is capable of silently compromising iPhones and Android devices, allowing operators to access messages, emails, photos, location data, microphones, and cameras without the user’s knowledge. NSO maintains that it sells the software only to vetted government customers for use against serious crime and terrorism, although the company has repeatedly faced allegations that its products have been used to target journalists, opposition politicians, lawyers, and human rights activists.

The European Parliament did not comment directly on Kouloglou’s case but said its cybersecurity teams continuously monitor threats against parliamentary systems. It added that spyware detection tools have been available to lawmakers since 2022 and that Parliament recently called for those protections to be extended to all devices used for parliamentary work.

The incident is believed to be the first publicly documented case of a member of the PEGA Committee being targeted with Pegasus while actively serving on the committee. Privacy advocates say the discovery illustrates the growing challenge of protecting democratic institutions from commercial surveillance technologies that can be deployed against those investigating their misuse.

Citizen Lab warned that the case highlights the continuing risks posed by mercenary spyware, even after years of public scrutiny and regulatory efforts. The researchers called for stronger oversight of commercial surveillance tools and greater protections for elected officials, journalists, and others who may become targets because of their work.

Leave a Reply