Your phone isn't just a phone anymore. It's a tracking device that can be turned against you by anyone with enough money to buy elite cyber weapons. A new report from Citizen Lab just proved how bad the problem has gotten.
Stelios Kouloglou, a former member of the European Parliament, was tasked with investigating the illegal use of mercenary surveillance software. While he was doing that job, his own phone was targeted. Let that sink in. The person elected to investigate spyware abuses was actively hacked by the exact tech he was looking into. Meanwhile, you can find similar developments here: Why The Us Troop Withdrawal From Nigeria Is Actually A Win For Africa.
This isn't an isolated tech glitch. It's a direct assault on democratic oversight. If a European lawmaker cannot safely investigate cyber weapons without becoming a target, ordinary citizens stand absolutely no chance.
The Ultimate Irony of the European Spyware Crisis
The University of Toronto’s Citizen Lab released a detailed report exposing the timeline of the attacks against Kouloglou. He joined a special European Parliamentary committee known as Pega back in March 2022. The committee was set up right after the original Pegasus Project revelations showed global governments abusing commercial hacking tools. To see the bigger picture, we recommend the recent article by TIME.
Kouloglou’s phone was first compromised around October 21, 2022. This wasn't a random date. It occurred during a highly intense phase of the committee's work, right when they were drafting their first major report.
The hack also lined up with another bizarre event. Kouloglou went into the hospital for elective surgery. While there, he was visited by Thanasis Koukakis, a Greek investigative journalist. Koukakis was a prominent victim of the "Greek Watergate" scandal, where over 80 politicians, journalists, and military officials were illegally spied on. Koukakis had already testified about his experience in front of the Pega committee.
The surveillance didn't stop there. Kouloglou's device was hacked a second time on March 6 and 7, 2023. At that exact moment, the Pega committee was locked in fierce final negotiations over its conclusions. Kouloglou was traveling from Athens to Brussels when the spyware struck again.
Whoever ordered the hack wanted real-time visibility into what the committee knew and who they were talking to. It worked.
Who Was Behind the Attack
Citizen Lab couldn't name the specific government client responsible. They did find some incredibly specific digital fingerprints though.
The attack bore the distinct technical hallmarks of a hacking campaign that targeted seven Russian and Belarusian-speaking independent journalists and opposition activists living in exile across Europe. The researchers found a unique Apple ID email address tied to the infrastructure of both operations. This points directly to a single government operator using NSO Group’s Pegasus software.
The evidence suggests this specific government client held active operational licenses in both Greece and Belgium. NSO Group maintains its usual corporate defense line. They claim they sell their software only to legitimate government agencies to fight terrorism and major crime. They claim they don't know who their clients target.
The reality on the ground tells a completely different story. The gap between corporate talking points and the actual deployment of these tools has evaporated.
Why European Leaders Look the Other Way
The most disturbing part of this story isn't just the hack. It's the total lack of political consequences.
The Pega committee spent more than a year gathering evidence, interviewing victims, and drafting recommendations to reign in commercial cyber weapons. They wanted strict regulations, independent oversight, and clear bans on abuse.
Europe's ruling institutions basically threw those recommendations in the trash. John Scott-Railton, a senior researcher at Citizen Lab, points out that the parliament essentially looks away whenever new European spyware abuses come to light.
Spain's highest criminal court recently dropped its investigation into the Pegasus targeting of Prime Minister Pedro Sánchez and other cabinet ministers. Why? Because the Israeli government refused to cooperate with the investigation. When state actors face zero accountability, the illegal market thrives.
How Mercenary Spyware Actually Works
Most people think you have to click a sketchy link to get hacked. With modern mercenary spyware, you don't have to do anything wrong.
Pegasus uses what are called zero-click exploits. These attacks take advantage of hidden flaws in common messaging apps like iMessage or WhatsApp. The attacker sends a silent, invisible data package to your device. Your phone processes the data, triggers the vulnerability, and installs the spyware without ever showing a notification. You wouldn't notice a thing.
Once inside, the operator gains total control. They can read your encrypted text messages, listen to your phone calls, download your photos, track your live GPS location, and silently turn on your microphone and camera to record your surroundings.
What High Risk Individuals Must Do Right Now
You might think you aren't important enough to be a target. If you are a journalist, an activist, a corporate executive, or a political organizer, you are in the high-risk category. You need to take active steps to protect your data.
Run the Mobile Verification Toolkit
The Mobile Verification Toolkit is an open-source tool developed to help identify traces of Pegasus and similar forensic indicators on iOS and Android devices. It analyzes your phone’s backup files for known malicious domains and anomalous process logs. If you suspect targeted surveillance, running this tool is your best starting point.
Enable Lockdown Mode
If you use an Apple device, turn on Lockdown Mode immediately. It strips away complex web technologies, blocks most message attachments, and shuts down the exact avenues zero-click exploits use to enter your phone. It changes how your phone functions, but it provides the strongest built-in defense available against mercenary cyber weapons.
Implement Regular Device Reboots
Reboot your phone every single day. Many zero-click exploits run entirely in the device's volatile memory to avoid leaving permanent files on the hard drive. A simple restart wipes the memory and forces the attacker to reinfect your device from scratch, raising the cost and difficulty of the surveillance operation.
The compromise of an investigator on the very committee assigned to stop spyware demonstrates that defensive tech and policy statements aren't enough. Check your hardware, run diagnostics, change your operational security habits, and don't assume your communications are private just because you use an encrypted app.