NSO Group's Pegasus spyware targeted a European politician investigating the surveillance tool itself, according to TechCrunch. The politician served on an EU committee examining spyware abuse at the time of the hack.

A government customer of NSO Group deployed Pegasus to infiltrate the politician's device. The incident highlights the direct conflict between regulatory oversight and commercial surveillance capabilities. NSO Group, the Israeli surveillance company behind Pegasus, sells its tools primarily to government agencies worldwide.

Pegasus exploits zero-day vulnerabilities to gain complete access to smartphones without user interaction. The spyware can extract messages, photos, location data, and activate cameras and microphones. NSO Group argues it sells only to vetted government clients for law enforcement and national security purposes.

This case demonstrates the practical risks of that sales model. A lawmaker actively investigating spyware abuses became a target himself, suggesting either a government client acted against EU interests or oversight mechanisms failed to prevent misuse. The incident strengthens arguments for stricter Pegasus regulation.

NSO Group faces mounting pressure from regulators and civil rights organizations worldwide. The company added customers to its banned list following investigations into abuse, but enforcement remains weak. Multiple governments have used Pegasus against political opponents, journalists, and human rights defenders, according to prior reporting by Forbidden Stories and Amnesty International.

The EU has accelerated investigations into surveillance tool exports and domestic use. This hack of a committee member investigating the exact issue underscores how infiltration occurs despite existing oversight. It raises questions about whether NSO Group can credibly claim it prevents customer abuse or whether government purchasers operate with insufficient accountability.

The incident reveals the uncomfortable truth that Pegasus targets in Europe may extend beyond criminals or security threats to political figures conducting legitimate regulatory work.