Essential Insights
- Stelios Kouloglou, a former MEP investigating Pegasus spyware abuses, was repeatedly infected with Pegasus during his tenure, marking the first such case of a serving PEGA committee member.
- Forensic analysis revealed infections on October 21, 2022, and March 6–7, 2023, coinciding with critical PEGA committee activities, including report drafting and delegation visits.
- The initial infection used a zero-click exploit linked to a HomeKit email, and notifications from Apple about threats were reportedly missed by Kouloglou; the infections possibly compromised sensitive information.
- No direct evidence links Greece or any government to the hacking, but overlaps in email use suggest potential connections to broader Pegasus targeting of journalists and activists across Europe.
The Core Issue
Stelios Kouloglou, a former Member of the European Parliament (MEP), was found to have been repeatedly infected with Pegasus spyware during his time serving on the PEGA Committee, which investigated spyware abuses. According to forensic analysis by Citizen Lab, Kouloglou’s iPhone was compromised at least twice—first on October 21, 2022, and again on March 6–7, 2023. These infections occurred during critical moments of the investigation, including when the committee was drafting reports and preparing for international trips, suggesting a possible connection between the spyware attacks and intense committee activities.
The analysis revealed that the initial infection involved a zero-click exploit linked to a HomeKit email, and coincided with Kouloglou’s hospitalization for elective surgery. Despite Apple issuing multiple threat notifications, he does not recall seeing them. Citizen Lab stopped short of blaming any government directly but noted overlap in the email involved with targeting Russian and Belarusian exiled journalists, marking a concerning breach of privacy and confidentiality. This incident is significant because Kouloglou is the first actively serving PEGA Committee member publicly identified as a Pegasus victim, highlighting the malicious reach of sophisticated spyware and raising questions about surveillance practices affecting EU officials and the integrity of their investigations.
Potential Risks
The issue of a former Member of the European Parliament (MEP) investigating spyware abuses having their phone hacked with Pegasus can directly threaten any business’s security. When sensitive information falls into the wrong hands, competitors or malicious actors can exploit it to gain unfair advantages. Moreover, data leaks may compromise client trust, damage reputation, and lead to legal consequences. As Pegasus is a sophisticated tool capable of secretly monitoring activities, any business, regardless of size, risks exposure of confidential data, intellectual property, or internal communications. Consequently, this can result in financial losses, operational disruptions, and long-term harm to stakeholder confidence. Ultimately, if such vulnerabilities are exploited, the entire health of the business—and its future prospects—are at serious risk.
Possible Actions
In cybersecurity, prompt remediation is vital to prevent the escalation of threats and safeguard sensitive information, especially when a device has been compromised by spyware like Pegasus. Addressing the breach swiftly can minimize data loss, restore trust, and reduce the likelihood of future exploits.
Assessment & Identification
- Conduct a comprehensive forensic analysis to confirm the scope of compromise.
- Gather logs and evidence related to the suspicious activity.
Containment
- Immediately disconnect the affected device from all networks to prevent further data exfiltration.
- Disable suspicious accounts and revoke compromised credentials.
Eradication
- Remove malicious software and spyware tools using reputable antivirus and anti-spyware solutions.
- Apply all relevant security patches and updates to the device’s operating system.
Recovery
- Restore data from secure backups, ensuring they are clean and uninfected.
- Reconfigure security settings and enhance endpoint protections.
Communication
- Notify relevant stakeholders, including legal and cybersecurity teams, to coordinate response efforts.
- Report the incident to appropriate authorities, such as cybersecurity agencies, if required.
Prevention
- Implement multi-factor authentication to secure access points.
- Conduct cybersecurity awareness training to recognize potential threats.
- Regularly review and update security policies and incident response plans.
Explore More Security Insights
Explore career growth and education via Careers & Learning, or dive into Compliance essentials.
Explore engineering-led approaches to digital security at IEEE Cybersecurity.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1
