Former EU Spyware Investigator’s iPhone Compromised by NSO Group Pegasus

Forensic analysis reveals the lawmaker's iPhone was infected using the PWNYOURHOME zero-click exploit during sensitive committee deliberations on spyware abuses.

CSBadmin
2 Min Read

The Target Within the Inquiry

Stelios Kouloglou, a former Member of the European Parliament who served on the committee investigating Pegasus spyware abuses, was himself repeatedly infected with NSO Group’s Pegasus spyware during his tenure. Forensic analysis from the Citizen Lab found that his iPhone was compromised at multiple critical points while he served as a substitute member of the European Parliament’s Committee of Inquiry into Pegasus and equivalent surveillance spyware from March 2022 to July 2023. This marks the first time a member of that committee has been publicly identified as a Pegasus victim while actively serving on the inquiry.

Timing and Method of Infection

Kouloglou’s device was infected on October 21, 2022, and again on March 6-7, 2023. The first infection used the PWNYOURHOME zero-click exploit, initiated through a HomeKit-linked email address. Both infection dates align precisely with intense periods of committee activity, including hearing preparation, draft report circulation, and international delegation visits. The October infection occurred ten days before a delegation trip to Cyprus and Greece that Kouloglou helped plan, and notably while he was hospitalized for elective surgery. The second infection took place in Brussels during final negotiations on the committee’s report.

Broader Context and Attribution

Citizen Lab stopped short of attributing the hacking to a specific government, finding no evidence the Greek government was responsible and no indication Greece has ever been an NSO Group customer. However, researchers identified an overlap: the same HomeKit-linked email used in Kouloglou’s first infection also appeared in a 2024 joint report documenting Pegasus targeting of Russian and Belarusian-speaking exiled journalists and activists across Europe. Kouloglou is not the first MEP found to have been hacked with mercenary spyware, but he is the first PEGA Committee member identified as compromised while actively serving on the inquiry itself.

Source: Cyber Security News

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.