An EU legislator who looked into the misuse of spyware was targeted and hacked using Pegasus.

      Stelios Kouloglou dedicated two years to a European Parliament committee established to investigate government surveillance of citizens using commercial hacking tools. A report released on Friday by Citizen Lab, a research group from the University of Toronto, revealed that his phone was infected with Pegasus spyware during this investigation.

      Kouloglou, a former Greek MEP representing the left-leaning SYRIZA party, was a substitute member of the PEGA committee, which was formed in 2022 to assess the deployment of Pegasus and similar spyware within EU member states. Citizen Lab discovered forensic evidence of three distinct infections on his iPhone — one in October 2022 and two in March 2023, coinciding with the drafting of the committee's findings.

      The spyware identified was Pegasus, developed by Israel's NSO Group, with Citizen Lab asserting high confidence in their identification. The October 2022 infection occurred while Kouloglou was hospitalized for a scheduled procedure. The subsequent two infections occurred within a day of each other in March 2023, during his travel between Athens and Brussels as negotiations regarding the committee's report reached their final stages.

      Citizen Lab did not, however, disclose who was responsible for the hack. The exploit relied on an Apple vulnerability that had already been fixed but whose patch had not been installed on Kouloglou's device, and it used a zero-click method requiring no action from the target. Researchers associated the infrastructure with a campaign that previously targeted journalists in other parts of Europe, suggesting an NSO government client was involved, although that client remains unnamed.

      NSO licenses Pegasus solely to government entities, but this does not equate to identifying an attacker. No nation has been pinpointed as the operator, and Citizen Lab’s report clearly states that attribution does not extend beyond this point.

      Kouloglou characterized the breach as "reckless" and said he intends to sue NSO Group. He revealed that he only became aware of the infections in May, following a lawyer's referral to Citizen Lab for a phone examination. NSO Group did not respond to inquiries from either Citizen Lab or the journalists reporting on the findings.

      In response to inquiries about the case, the European Parliament did not directly address Kouloglou’s situation. A spokesperson indicated that the institution's IT security team is "constantly monitoring cybersecurity threats" and that spyware screening tools have been accessible to members since 2022, the same year the PEGA committee was established.

      A recent follow-up report passed by parliament last month advocated for expanding such screenings to all devices utilized by MEPs for parliamentary activities. Other PEGA committee members swiftly responded, with German MEP Hannah Neumann urging parliament to finally act on the committee’s original recommendations, which have remained largely untouched since 2023.

      Ron Deibert, director of Citizen Lab, remarked on the "irony" of the situation, considering Kouloglou's role in investigating the same technology that was employed against him, emphasizing that an unregulated spyware market erodes trust in democratic institutions well beyond individual targets.

      The PEGA committee’s 2023 report had previously established that Pegasus and comparable tools were misused in Poland, Hungary, Greece, and Spain, calling for stricter EU-wide regulations on their sale and utilization. However, little of this has progressed into enforceable legislation.

      Additionally, a separate case in Bulgaria, where leaked export licenses indicated a Sofia-based NSO affiliate supplying surveillance equipment to intelligence agencies from Azerbaijan to the UAE, illustrates the growing enforcement gap that the committee warned about.

      Furthermore, beyond the Pegasus market itself, less expensive commercial spyware marketed to European law enforcement, such as the counterfeit WhatsApp app created by Italy’s SIO, indicates that the underlying issue has expanded beyond a single vendor.

      Kouloglou’s situation personalizes what has largely been a conceptual policy battle. The individuals who spent two years documenting misuse of spyware for the European Parliament were likely targets for the very tools they were investigating, with at least one of them being compromised while the findings were still being finalized.
