HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Pegasus Spyware Infected Phone of European Parliament Member Probing Spyware Abuse

A former EU Parliament member’s phone was infected twice with Pegasus spyware while he served on a committee investigating spyware misuse. The breach highlights gaps in endpoint access controls and the need for continuous audit evidence, a core SOC 2 requirement.

LiveThreat™ Intelligence · 📅 July 03, 2026· 📰 therecord.media
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
therecord.media

Pegasus Spyware Infected Phone of European Parliament Member Probing Spyware Abuse

What Happened – A former European Parliament member’s smartphone was infected twice with Pegasus, a zero‑click commercial spyware, in October 2022 and March 2023 while he served on the PEGA Committee that was drafting recommendations on spyware misuse.

Why It Matters for Compliance & Audit Readiness

  • The incident exemplifies a failure of endpoint access controls and monitoring—core SOC 2 CC6.1 (Logical Access) requirements that must be continuously evidenced.
  • Zero‑click exploits bypass user interaction, highlighting the need for robust device‑management policies, MFA, and real‑time threat‑detection logs that can serve as audit evidence.
  • The reuse of a unique targeting email across multiple campaigns underscores the importance of security‑awareness training and incident‑response playbooks to detect and contain sophisticated credential‑compromise attacks.

Who Is Affected – Government bodies, elected officials, and any organization whose leaders handle sensitive policy work on mobile devices.

Recommended Actions

  • Map the incident to SOC 2 CC6.1 (Logical Access) and CC7.1 (System Operations) controls; collect device‑log evidence to demonstrate monitoring.
  • Deploy mobile‑device‑management (MDM) solutions with enforced encryption, remote‑wipe, and mandatory MFA for privileged accounts.
  • Refresh security‑awareness training to cover zero‑click and supply‑chain spyware threats; include phishing‑simulation that mimics targeted email lures.

Source: The Record

Technical Notes – Pegasus is a zero‑click exploit that can be delivered via a crafted SMS or email link, requiring no user interaction. The spyware was attributed to Intellexa (not NSO Group) and leveraged a unique email identifier also seen in attacks on journalists in Belarus and Russia. Compromised data likely included contacts, location, messages, and microphone/audio streams. Source: Citizen Lab report

📰 Original Source
https://therecord.media/pegasus-spyware-european-parliament-pega-committee-member

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →