Pegasus Spyware Infected EU Investigator During Spyware Probe

A former Member of the European Parliament, Stelios Kouloglou, was repeatedly hacked with NSO Group’s Pegasus spyware while serving on the PEGA Committee, which was established to investigate the abuse of Pegasus and similar surveillance spyware across Europe. Forensic analysis of Kouloglou’s iPhone, conducted by the Citizen Lab, confirmed high-confidence infections on or around October 21, 2022, and again on March 6 and 7, 2023. These infections occurred during critical periods of the committee’s work, including preparations for the release of its first draft report and intense deliberations on final findings. The spyware likely captured non-public information, such as confidential documents and committee discussions, potentially breaching EU parliamentary confidentiality and privilege frameworks.

The timing of the first infection coincided with several key PEGA activities, including hearings on Big Tech and spyware, e-privacy, and fundamental rights, as well as planning for research visits to Greece and Cyprus. Notably, on the exact day of the first infection, Kouloglou was in a Greek hospital recovering from surgery and was visited by fellow journalist Thanasis Koukakis, who had himself been targeted with Predator spyware. This context raises concerns about the interception of sensitive medical information and discussions. The second infection period occurred while Kouloglou was traveling to Brussels for committee sessions and as PEGA Rapporteur Sophie in ‘t Veld was in Greece investigating the local spyware scandal. These infections highlight the severe threat to democratic processes and parliamentary integrity.

While the Citizen Lab is not attributing these attacks to any specific government and found no evidence implicating the Greek government, the first infection shares a technical link with a previously identified Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe. The same HomeKit email address, rauharepo888@gmail.com, was used in both campaigns, suggesting a single Pegasus operator with license authorization to spy in multiple European jurisdictions. This connection narrows the list of potential responsible parties and warrants further investigation.

In response to these findings, the Citizen Lab recommends immediate investigations by EU institutions to assess the scale of the breach. MEPs and staff on the PEGA Committee should undergo forensic screening for spyware and enable enhanced security features like Lockdown Mode. The European Parliament should conduct an inquiry into spyware attacks on MEPs, increase reporting and screening rates, and consider providing account information to platforms for added scrutiny. The European Commission and the Parliamentary Assembly of the Council of Europe are urged to screen their members and staff, while tech companies are called to improve the effectiveness of threat warnings. This case underscores the urgent need for robust cybersecurity measures to protect democratic institutions from mercenary spyware.


Ez a cikk a Neural News AI (V1) verziójával készült.

Forrás: https://citizenlab.ca/research/member-of-committee-investigating-spyware-hacked-with-pegasus/.