Pegasus Spyware Infected Phone of European Parliament Member Probing Spyware Abuse
What Happened – A former European Parliament member’s smartphone was infected twice with Pegasus, a zero‑click commercial spyware, in October 2022 and March 2023 while he served on the PEGA Committee that was drafting recommendations on spyware misuse.
Why It Matters for Compliance & Audit Readiness
- The incident exemplifies a failure of endpoint access controls and monitoring—core SOC 2 CC6.1 (Logical Access) requirements that must be continuously evidenced.
- Zero‑click exploits bypass user interaction, highlighting the need for robust device‑management policies, MFA, and real‑time threat‑detection logs that can serve as audit evidence.
- The reuse of a unique targeting email across multiple campaigns underscores the importance of security‑awareness training and incident‑response playbooks to detect and contain sophisticated credential‑compromise attacks.
Who Is Affected – Government bodies, elected officials, and any organization whose leaders handle sensitive policy work on mobile devices.
Recommended Actions
- Map the incident to SOC 2 CC6.1 (Logical Access) and CC7.1 (System Operations) controls; collect device‑log evidence to demonstrate monitoring.
- Deploy mobile‑device‑management (MDM) solutions with enforced encryption, remote‑wipe, and mandatory MFA for privileged accounts.
- Refresh security‑awareness training to cover zero‑click and supply‑chain spyware threats; include phishing‑simulation that mimics targeted email lures.
Source: The Record
Technical Notes – Pegasus is a zero‑click exploit that can be delivered via a crafted SMS or email link, requiring no user interaction. The spyware was attributed to Intellexa (not NSO Group) and leveraged a unique email identifier also seen in attacks on journalists in Belarus and Russia. Compromised data likely included contacts, location, messages, and microphone/audio streams. Source: Citizen Lab report