EU Lawmaker Hacked by Pegasus While Probing Spyware Abuse

EU Lawmaker Hacked by Pegasus While Probing Spyware Abuse

The discovery that a sitting official tasked with investigating surveillance abuse became a victim of the very same technology he sought to regulate highlights the deepening vulnerability of democratic systems. Stelios Kouloglou, a former Member of the European Parliament and a central figure in the PEGA Committee, was found to have his mobile device compromised by the notorious Pegasus spyware during his tenure. Forensic investigators revealed that the intrusion relied on a sophisticated zero-click exploit known as “PWNYOURHOME,” a technique that bypasses the need for any user interaction, such as clicking a malicious link or downloading an attachment. This specific method of entry is particularly insidious because it leaves almost no trace for the victim to detect in real-time. The timing of the breach coincided with sensitive legislative sessions and even periods when Kouloglou was hospitalized for surgery, suggesting that the operators were meticulously monitoring his personal life to exploit moments of physical or professional distraction.

Evidence of Widespread Mercenary Operations

Tracking Exiles: Cross-Border Surveillance Campaigns

Digital forensic analysts identified a specific email address associated with the deployment of the spyware, which provided a critical link between the targeting of Kouloglou and broader surveillance campaigns across Europe. This single point of origin connected the attack on the EU lawmaker to similar intrusive operations directed at Russian and Belarusian dissidents who had fled their home countries to escape political persecution. Such evidence strongly indicates that the perpetrator is a Pegasus customer possessing a license that grants them the capability to operate across multiple international borders with ease. This cross-border nature of digital espionage illustrates how state actors can utilize commercial tools to maintain a presence within the European Union, tracking high-value targets regardless of their geographic location or political status. The presence of these operations within the heart of European democracy suggests that the mercenary spyware industry is currently operating with a level of impunity.

Forensic Proliferation: Authoritarian Use of Extraction Tools

The scope of modern surveillance extends far beyond mobile spyware, as evidenced by the persistent use of physical forensic extraction devices produced by companies like Cellebrite. Although many such firms claimed to have withdrawn from repressive markets, investigators found that these devices continued to be used by Russian authorities to breach the encrypted communication of opposition activists. One high-profile case involved the phone of Andrey Pivovarov, which was compromised using these tools despite official assertions that the technology was no longer supported in the region. This situation underscores a fundamental reality in the surveillance market: once advanced forensic tools are sold and deployed, the manufacturer exerts virtually no control over how the equipment is used. The secondary market and the longevity of hardware components mean that legacy systems remain potent weapons in the hands of authoritarian regimes long after the original contracts have expired, creating a permanent risk for activists.

Weaponizing Telecommunications Infrastructure

Protocol Vulnerabilities: Location Tracking via Network Signaling

Beyond the installation of malware on individual handsets, sophisticated state actors have shifted their focus toward exploiting the fundamental architecture of global telecommunications. By manipulating the Signaling System No. 7 and Diameter protocols, which are the legacy frameworks responsible for managing how cellular networks interact, attackers can track a person’s precise physical location without ever touching their device. This infrastructure-level surveillance is particularly dangerous because it operates entirely within the network core, making it invisible to even the most security-conscious users. There is no suspicious link to avoid and no software exploit to patch on the phone itself; the vulnerability lies in the very way global mobile roaming is designed. This method allows surveillance agencies to query network databases and receive real-time location updates on any phone number, effectively transforming the global telecommunications grid into a passive tracking system that operates silently in the background of daily digital life.

Infrastructure Gateways: Masking Intrusion via Malicious Providers

These sophisticated tracking operations are frequently funneled through specific telecommunications providers that serve as deliberate entry points for malicious signaling traffic. By gaining access to these surveillance gateways, threat actors can mask their intrusive activities behind legitimate network queries, making it nearly impossible for larger carriers to distinguish between a standard roaming request and a targeted tracking attempt. This strategy effectively weaponizes the connectivity that defines the modern age, turning the infrastructure meant to unite the world into a tool for covert monitoring. These malicious entry points act as a veil, shielding the true identity of the state actor while providing them with a steady stream of intelligence data. The reliance on these structural flaws means that as long as the global telecommunications protocols remain unpatched, individuals will continue to be tracked with alarming accuracy, regardless of whether they employ advanced encryption or switch to supposedly secure messaging apps.

The Crisis of Digital Privacy and Oversight

Systematic Threats: Targeting Democratic Oversight Bodies

A clear and disturbing pattern has emerged where individuals who investigate the misuse of surveillance or challenge established power structures are prioritized as primary targets for digital intrusion. The hacking of an EU lawmaker in the midst of an official parliamentary investigation represents a direct assault on the democratic checks and balances designed to hold governments accountable. It reveals that commercial spyware is no longer being utilized solely for its purported purpose of fighting terrorism or serious crime; instead, it has become a standard instrument for gathering political intelligence and suppressing dissent within democratic territories. This shift in usage signals a crisis for the rule of law, as the tools intended to protect public safety are redirected toward undermining the institutions that oversee their use. When those responsible for investigating abuses are themselves monitored, the ability of a society to prevent the slide into techno-authoritarianism is severely compromised.

Institutional Evolution: Future Safeguards and Accountability

The global surveillance landscape shifted toward a level of technical sophistication that rendered previous legal frameworks and oversight mechanisms largely obsolete. As attackers migrated to more stealthy methods like zero-click exploits and protocol-level tracking, the necessity for a unified international response became the only viable path forward. Experts advocated for a total ban on the trade of mercenary spyware until meaningful human rights safeguards were established and enforced across all jurisdictions. The integration of technical defenses, such as hardening telecommunications protocols and mandating transparency in the sale of forensic hardware, was identified as a critical priority for legislative efforts. Leaders recognized that without these proactive measures, the integrity of democratic processes and the fundamental right to privacy would remain permanently under siege. The transition toward stricter accountability for manufacturers and the implementation of real-time network monitoring eventually served as the foundation for restoring digital trust.

subscription-bg
Subscribe to Our Weekly News Digest

Stay up-to-date with the latest security news delivered weekly to your inbox.

Invalid Email Address
subscription-bg
Subscribe to Our Weekly News Digest

Stay up-to-date with the latest security news delivered weekly to your inbox.

Invalid Email Address