The Pegasus spyware attack targeting a European Parliament member has reignited concerns over espionage threats in Europe. Within days, Citizen Lab confirmed the infection, which directly affected someone investigating spyware abuse. This event highlights the ongoing risks posed by advanced mercenary spyware like Pegasus, especially to high-profile political figures.
Pegasus Spyware Compromises European Parliament Committee Member
On 26 June 2024, Citizen Lab publicly disclosed that a sitting member of the European Parliament’s committee investigating spyware had been hacked with Pegasus. This high-profile attack is significant for several reasons. The targeted individual was part of a special parliamentary committee (PEGA) tasked with probing the abuse of commercial spyware across Europe. The timing and choice of target suggest a deliberate attempt at espionage, aiming to monitor or disrupt investigations into spyware vendors and their use by nation states.
The infection was identified by Citizen Lab, a leading interdisciplinary laboratory at the University of Toronto, renowned for its research into targeted digital threats. Their analysis confirmed that Pegasus, a tool developed by the Israeli company NSO Group, was used in the attack. Pegasus is infamous for its ability to compromise mobile devices without the need for user interaction, often using so-called “zero-click” exploits.
Details of the Attack: Timeline, Targets and Method
The attack was detected in mid-2024, though the precise date of initial infection has not been made public. The victim is a member of the PEGA committee, established in 2022 to investigate the use of commercial spyware in Europe. The committee’s work has been high profile, scrutinising both EU member states and private sector actors suspected of deploying or enabling spyware operations.
Key details of the incident include:
- When: Publicly disclosed by Citizen Lab on 26 June 2024. Infection likely occurred weeks or months prior, aligning with typical spyware campaign timelines.
- Who is affected: At least one MEP (Member of the European Parliament) serving on the committee investigating spyware abuses. No additional victims have been named yet, but the targeting of committee members raises concerns about wider surveillance.
- Products and versions: The attack leveraged Pegasus spyware, which is capable of exploiting both iOS and Android devices. While Citizen Lab has not detailed the exact mobile OS and version, Pegasus is known to target recent versions of iOS using zero-day or recently patched vulnerabilities.
- Attack method: Pegasus typically relies on sending invisible or malicious messages that do not require user interaction. These can include zero-click iMessages, WhatsApp calls, or silent push notifications that trigger code execution on the device, granting the attacker full access to calls, messages, camera, and microphone.
- Current exploitation status: Citizen Lab’s confirmation suggests the attack was successful and the device was actively compromised. The incident has prompted urgent internal reviews within the European Parliament and wider calls for investigation across the EU.
Citizen Lab’s forensic analysis indicates that the infection was sophisticated, aligning with previous Pegasus campaigns attributed to state actors or their proxies. The choice of target—a committee member investigating spyware—strongly suggests a political or intelligence-driven motive, rather than purely criminal or commercial interests.
Implications for European Institutions and Mobile Security
This attack is particularly alarming because it directly undermines the integrity of a parliamentary inquiry into spyware. The incident demonstrates that even those investigating abuses of surveillance technology are not safe from its reach. It also raises questions about the security of communications and devices used by lawmakers and officials in sensitive roles.
The broader context is that Pegasus has been repeatedly linked to espionage campaigns targeting journalists, activists, government officials, and opposition politicians worldwide. Its use in Europe, and specifically against an MEP, shows that the threat is not limited to countries outside the EU or to less high-profile targets.
Notably, the incident occurred amidst increased scrutiny and regulation around commercial spyware in Europe. The PEGA committee’s findings, due to be published later in 2024, may now be shaped by the direct experience of its members being targeted. This could accelerate policy responses and drive investment in mobile security measures for public officials.
Immediate Actions and Recommendations
In response to this confirmed Pegasus attack, the European Parliament and other EU institutions are likely to:
- Conduct urgent forensic reviews of devices used by committee members and senior officials
- Issue security advisories and guidance on high-risk mobile device usage
- Review and tighten policies around mobile device provisioning, monitoring and incident reporting
- Coordinate with national cyber authorities and law enforcement to identify the attacker’s origin and objectives
Organisations with high-risk individuals, especially those involved in regulatory or investigative work, should move quickly to enable enhanced monitoring for mobile threats, review device baselines, and consider additional controls for sensitive communications. While Pegasus attacks are highly targeted, their impact can be severe, with attackers able to exfiltrate sensitive data and monitor conversations in real time.