Forensic Identification of Pegasus Spyware Intrusion Targeting European Parliamentarian

法證識別針對歐洲議會議員的 Pegasus 監控軟體入侵


Introduction

A forensic analysis by Citizen Lab has confirmed that Stelios Kouloglou, a former Member of the European Parliament (MEP), was targeted by Pegasus spyware while serving on a committee investigating the misuse of such surveillance tools.

Citizen Lab 的法證分析證實,前歐洲議會議員 Stelios Kouloglou 在調查濫用監控工具的委員會任職期間,遭到 Pegasus 監控軟體針對。

Main Body

The intrusions occurred during the tenure of Mr. Kouloglou on the PEGA Committee, an entity established in 2022 to examine the contravention of European Union law via mercenary spyware. Forensic data indicates the device was compromised on October 21, 2022, and again on March 6 and 7, 2023. These temporal markers coincide with critical committee activities, including the drafting of reports and the conduct of high-level hearings. The initial infection occurred while the subject was hospitalized and in contact with Thanasis Koukakis, a journalist previously targeted by Predator spyware during the domestic surveillance scandal in Greece.

入侵發生在 Kouloglou 先生於 PEGA 委員會任職期間,該委員會於 2002 年成立,旨在檢查透過僱傭監控軟體違反歐盟法律的情況。法證數據顯示,裝置於 2022 年 10 月 21 日遭到入侵,隨後於 2023 年 3 月 6 日及 7 日再次遭到入侵。這些時間點與委員會的關鍵活動相吻合,包括起草報告及舉行高層聽證會。最初的感染發生在當事人住院期間,當時他與 Thanasis Koukakis 有接觸,後者是一名在希臘國內監控醜聞中被 Predator 監控軟體針對的記者。

Regarding attribution, Citizen Lab has not identified a specific state actor; however, the analysis noted the absence of evidence implicating the Greek government. Conversely, the researchers identified technical overlaps—specifically a unique Apple ID email—linking these attacks to a campaign targeting seven Russian- and Belarusian-speaking activists and journalists. This suggests the operator possessed licenses for deployment within Greece and Belgium. The Pegasus software, developed by the Israeli firm NSO Group, facilitates comprehensive remote access to device hardware and data. NSO Group has previously been blacklisted by the United States administration for activities deemed contrary to national security interests.

關於歸屬問題,Citizen Lab 尚未識別出特定的國家級參與者;然而,分析指出缺乏證據顯示希臘政府牽涉其中。相反,研究人員發現了技術上的重疊——特別是一個唯一的 Apple ID 電郵——將這些攻擊與一次針對七名俄語及白俄羅斯語活動人士與記者的行動聯繫起來。這表明操作者擁有在希臘及比利時部署的許可證。Pegasus 軟體由以色列公司 NSO Group 開發,可實現對裝置硬體及數據的全面遠端存取。NSO Group 先前因被認定有違國家安全利益的活動,而被美國政府列入黑名單。

Stakeholders within the European Parliament, including MEP Hannah Neumann and Saskia Bricmont, have characterized these breaches as an assault on the rule of law and parliamentary integrity. There is a prevailing concern that the compromise of a PEGA Committee member may have granted the adversary access to confidential deliberations and internal findings. Despite the committee's recommendations for the establishment of a specialized EU forensic laboratory and an election-focused spyware task force, these measures have not yet been implemented by the relevant institutions.

歐洲議會的利害關係人,包括議員 Hannah Neumann 及 Saskia Bricmont,將這些入侵定性為對法治及議會誠信的攻擊。目前普遍擔心,PEGA 委員會成員遭到入侵,可能使對手獲取機密商議過程及內部調查結果。儘管委員會建議成立一個專門的歐盟法證實驗室及一個專注於選舉的監控軟體專案小組,但相關機構尚未實施這些措施。

Conclusion

The incident underscores a systemic vulnerability within European legislative bodies and a perceived lack of institutional response to the proliferation of mercenary spyware.

此次事件突顯了歐洲立法機構內部的系統性漏洞,以及制度上對於僱傭監控軟體泛濫缺乏回應。

Vocabulary Learning

The Architecture of 'Nominal Density' and Formal Cohesion

To transition from B2 to C2, a student must move beyond simple narrative flow and master Nominalization—the process of turning verbs and adjectives into nouns to create a 'dense' academic style. This article is a prime specimen of high-density formal English, where action is stripped of its subject to prioritize the concept over the actor.

◈ The Mechanism: Action \rightarrow Entity

Observe how the text avoids simple sentences (e.g., "They broke into the phone") in favor of nominal clusters:

  • "The proliferation of mercenary spyware" \rightarrow Instead of saying "Spyware is spreading quickly," the writer transforms the verb proliferate into a noun. This shifts the focus from the movement to the phenomenon itself.
  • "The contravention of European Union law" \rightarrow Instead of "They broke the law," the noun contravention elevates the register to a legalistic, impersonal tone characteristic of C2-level discourse.

◈ Precision via 'Temporal and Spatial Markers'

C2 mastery requires the ability to anchor events with surgical precision without relying on repetitive time-connectors (First, then, after that). Note the use of:

*"These temporal markers coincide with critical committee activities..."

By labeling dates as "temporal markers," the author treats time as a data point. This is metadiscourse—talking about the structure of the evidence while presenting the evidence itself.

◈ Nuanced Hedge-Words & Attribution

Notice the strategic use of qualifiers to avoid absolute claims, a hallmark of scholarly writing:

  • "...activities deemed contrary to..."
  • "...a perceived lack of institutional response..."

C2 Insight: Using "perceived" instead of "actual" allows the writer to report a sentiment without taking personal responsibility for the truth of that sentiment. It creates a layer of professional detachment.

◈ Syntactic Sophistication: The 'Appositive' Expansion

Look at the phrasing: "...the PEGA Committee, an entity established in 2022 to examine..."

This is an appositive phrase. Rather than starting a new sentence ("The PEGA Committee was established in 2022"), the C2 writer embeds the definition directly into the sentence flow. This increases the information density and maintains a sophisticated, uninterrupted rhythmic cadence.

Vocabulary Learning

contravention (n.)
An action that violates a law, treaty, or agreement.
Example:The company was fined heavily for the contravention of environmental regulations.
tenure (n.)
The period of time during which someone holds an important office or position.
Example:During her tenure as CEO, the firm expanded into three new international markets.
attribution (n.)
The action of ascribing a work or a specific act to a particular person, group, or entity.
Example:The cybersecurity firm struggled with the attribution of the attack due to the use of proxy servers.
implicating (v.)
Showing that someone is involved in or responsible for a crime or harmful act.
Example:The leaked documents ended up implicating several high-ranking officials in the bribery scheme.
prevailing (adj.)
Existing at a particular time; current or widespread.
Example:Despite the new evidence, the prevailing opinion among the board remained unchanged.
proliferation (n.)
The rapid increase in the number or amount of something.
Example:The proliferation of fake news on social media has made it difficult to verify facts during elections.
underscores (v.)
To emphasize the importance or truth of something.
Example:The recent power outage underscores the urgent need for a more resilient energy grid.
Practice C2 words in a crossword