Monday 06 July 2026 13:42:34 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

Cyber Warfare & Nation-State Operations

The Watchdog Was Watched: Pegasus Lands on a Spyware Investigator

Published: 03 July 2026 14:15Category: Cyber Warfare & Nation-State OperationsGeo: Europe / GreeceAuthor: AGONY

A former European Parliament member involved in spyware oversight was reported to have had a mobile device repeatedly hacked, turning a case about surveillance abuse into a warning about the security of high-risk political work.

Introduction

A device can be more than a phone when its owner helps investigate covert surveillance. In this case, the most sensitive target may not have been the person alone, but the access, drafts, coordination and deliberations attached to a parliamentary role. That is what makes a Pegasus case involving a former Member of the European Parliament especially unsettling: the compromise, if confirmed by forensic findings, sits at the intersection of espionage, institutional secrecy and democratic oversight.

Fast Facts

  • Citizen Lab said it found Pegasus spyware activity on the mobile device of former MEP Stelios Kouloglou.
  • Kouloglou served on a European Parliament committee investigating abuse of commercial spyware in the bloc.
  • The report was based on forensic analysis of the device, not on public claims about who ran the operation.
  • Public information does not identify a responsible operator, vendor customer or state actor in this case.
  • The available evidence supports a risk analysis, not a definitive list of files accessed or data taken.

Body

PEGASUS is not ordinary phone malware. In public technical research, it is treated as a high-end mobile spyware family used for targeted surveillance, often in situations where the victim may not need to click anything at all. That matters because it shifts the defensive model away from user caution and toward device hardening, forensic readiness and rapid incident response.

The technical significance here is the overlap between intrusion and oversight. A parliamentarian serving on a body tasked with examining spyware abuse is exactly the kind of person whose messages, scheduling and committee work could be valuable intelligence. Even if the full scope of compromise is still uncertain, the case illustrates how a single mobile endpoint can become a pressure point for sensitive institutional work.

From a defensive perspective, the bigger lesson is that modern spyware investigations are often retrospective. By the time a device is analyzed, the compromise window may already be closed, and notification from the platform vendor may arrive later than the intrusion itself. That means detection depends heavily on preserved artifacts, careful forensic handling and specialist tooling, not on a quick self-check by the user.

It is also a reminder that public-interest roles create unusual risk. People involved in legislative inquiries, legal oversight or human-rights work may need stronger operational separation between personal and work communications, stricter device hygiene and a plan for preserving evidence if compromise is suspected. Conventional advice helps, but it is not a complete answer against sophisticated mobile spyware.

Conclusion

The broader lesson is simple but uncomfortable: when surveillance becomes the subject of scrutiny, the people doing the scrutinizing can become targets themselves. In that environment, mobile security is not a convenience issue. It is part of institutional resilience, and sometimes part of democratic accountability.

TECHCROOK

Faraday bag for smartphones: A signal-blocking pouch can be useful for people handling sensitive meetings, travel, or device exams. It helps isolate a phone from cellular, Wi‑Fi, Bluetooth, and GPS connections when an air-gapped state is needed. It is not a cure-all for spyware concerns, but it can be a practical part of a cautious mobile-security routine.

Scheda Techcrook: Faraday bag for smartphones

WIKICROOK

  • Pegasus: A commercial mobile spyware family associated with advanced, targeted surveillance operations.
  • Forensic analysis: The examination of device artifacts to determine whether compromise occurred and what traces remain.
  • Zero-click exploit: An attack that can compromise a device without any action from the victim.
  • PEGA committee: A European Parliament inquiry body created to examine Pegasus and similar spyware abuse.
  • Mobile Verification Toolkit: A specialist forensic tool used by investigators to look for signs of spyware on phones.