An EU lawmaker who looked into the misuse of spyware was targeted and hacked using Pegasus.
Stelios Kouloglou dedicated two years to a European Parliament committee tasked with investigating the use of commercial hacking tools by governments to spy on their citizens. A report released on Friday by Citizen Lab, a research group at the University of Toronto, revealed that his smartphone was compromised with Pegasus spyware during this investigation.
Kouloglou, a Greek former Member of the European Parliament representing the leftist SYRIZA party, was a substitute member of the PEGA committee, established in 2022 to look into the deployment of Pegasus and similar spyware in EU member nations. Citizen Lab uncovered forensic evidence of three distinct infections on his iPhone: one in October 2022 and two additional ones in March 2023, coinciding with the committee's report drafting period.
The spyware identified was Pegasus, produced by Israel’s NSO Group, and Citizen Lab expressed high confidence in this identification. The October 2022 infection occurred while Kouloglou was hospitalized for a planned procedure. The subsequent infections took place within a day of each other in March 2023, as he traveled between Athens and Brussels during the concluding phase of negotiations regarding the committee’s report.
However, Citizen Lab did not disclose who orchestrated the hack. The method exploited an Apple vulnerability that had already been patched, but the patch had not been installed on Kouloglou’s device; it was a zero-click method that required no action from the target. Researchers connected the infrastructure involved to a campaign already known to target journalists in other parts of Europe, indicating an NSO government client, although that client remains unnamed.
NSO licenses Pegasus strictly to government entities, but this does not equate to identifying an attacker. No nation has been pinpointed as the operator, and Citizen Lab’s report clearly states that attribution stops there.
Kouloglou labeled the intrusion as “reckless” and announced plans to sue NSO Group. He informed the researchers that he discovered the infections in May after being referred to Citizen Lab for a phone examination by an attorney. NSO Group did not respond to inquiries from either Citizen Lab or the journalists covering the report's findings.
In response to questions about the matter, the European Parliament did not specifically address Kouloglou’s case. A spokesperson mentioned that the institution's IT security team consistently monitors cybersecurity threats and that spyware screening tools have been available to members since 2022, the same year the PEGA committee was established. A follow-up report approved by Parliament last month called for expanding screenings to every device MEPs use for parliamentary activities.
Other PEGA committee members reacted promptly. German MEP Hannah Neumann urged Parliament to implement the committee's initial recommendations, which have largely remained unaddressed since 2023. Ron Deibert, Citizen Lab's director, described the situation as “ironic” given Kouloglou’s involvement in examining the very technology used against him, and cautioned that an unregulated spyware industry undermines trust in democratic institutions in a way that extends beyond any single victim.
The PEGA committee’s 2023 report had already determined that Pegasus and similar tools were misused in Poland, Hungary, Greece, and Spain, calling for stricter EU-wide regulations on their sale and usage. However, little of this has been turned into enforceable law.
A separate case from Bulgaria, where leaked export licenses indicated a Sofia-based NSO affiliate supplied surveillance equipment to intelligence agencies in Azerbaijan and the UAE, suggests that the enforcement gap the committee warned about has only widened since then.
Moreover, even beyond the direct Pegasus market, less expensive commercial spyware sold to European law enforcement, such as the fake WhatsApp app created by Italy's SIO, highlights the extent to which this issue has proliferated beyond a single supplier.
Kouloglou’s experience adds a personal element to what has mainly been a theoretical policy debate. The individuals who spent two years documenting spyware misuse for the European Parliament were not only scrutinizing the tools but were also potentially vulnerable targets, with at least one being attacked while the findings were still being finalized.
