Politician who investigated spyware abuses had his phone hacked with Pegasus spyware
Citizen Lab confirmed that Stelios Kouloglou, a member of the European Parliament’s PEGA committee investigating spyware abuses, was hacked with NSO Group’s Pegasus spyware in 2022 and 2023. The attacks utilized a zero-click exploit targeting a patched vulnerability in Apple’s iOS smart home software, allowing unauthorized access to private data without user interaction. The hacker reused an email address linked to previous campaigns against European journalists, implying a government customer w
Analysis
TL;DR
- Citizen Lab confirmed that Stelios Kouloglou, a member of the European Parliament’s PEGA committee investigating spyware abuses, was hacked with NSO Group’s Pegasus spyware in 2022 and 2023.
- The attacks utilized a zero-click exploit targeting a patched vulnerability in Apple’s iOS smart home software, allowing unauthorized access to private data without user interaction.
- The hacker reused an email address linked to previous campaigns against European journalists, implying a government customer with multi-country authorization from NSO Group.
- The timing of the hacks coincided with critical committee activities, including draft report preparation and hospital visits, raising concerns about political suppression and privacy violations.
- Kouloglou intends to sue NSO Group, highlighting ongoing tensions between state-sponsored surveillance tools and democratic oversight mechanisms.
Why It Matters
This incident underscores the severe risks posed by commercial spyware to democratic institutions and the rule of law, particularly when targets are investigators themselves. It highlights the urgent need for stricter regulatory frameworks governing the sale and use of zero-day exploits and surveillance technologies by governments. For cybersecurity professionals, it serves as a stark reminder that even patched vulnerabilities can be weaponized if devices are not updated promptly, emphasizing the critical importance of rapid patch deployment and zero-click exploit mitigation.
Technical Details
- Exploit Vector: The intrusion was achieved via a "zero-click" bug exploiting a previously discovered flaw in Apple’s smart home software integrated into iPhones, requiring no user interaction to compromise the device.
- Target System: The attacks targeted Apple’s iPhone operating system, specifically leveraging a vulnerability that had already been patched by Apple but remained uninstalled on Kouloglou’s device.
- Data Exfiltration: Once compromised, the spyware extracted sensitive data including text messages, correspondence, location history, photos, and potentially ambient audio from the device microphone.
- Attribution Clues: Citizen Lab identified the attacker through the reuse of a specific Pegasus-loaded email address previously associated with campaigns against journalists across Europe, suggesting a single government customer with broad authorization.
- Timeline: The initial hack occurred in October 2022, followed by two additional intrusions in March 2023, aligning with key periods of committee deliberations and travel.
Industry Insight
- Regulatory Pressure: This case will likely intensify calls for the European Commission and other global bodies to impose stricter limits on spyware exports and usage, potentially leading to more rigorous licensing requirements for vendors like NSO Group.
- Vendor Accountability: The incident reinforces the necessity for surveillance technology companies to implement robust end-user verification processes and ethical guidelines to prevent misuse against journalists, politicians, and civil society members.
- Security Hygiene: Organizations and individuals handling sensitive political or investigative data must prioritize immediate application of security patches, especially for zero-click vulnerabilities, as delays can lead to catastrophic breaches.
Disclaimer: The above content is generated by AI and is for reference only.