News Article · Jul 4, 2026 at 5:47 AM
EU Lawmaker Who Probed Spyware Abuse Had Phone Hacked With Pegasus, Citizen Lab Finds

Citizen Lab found forensic evidence that Stelios Kouloglou's iPhone was infected with Pegasus spyware three times while he served on the European Parliament's PEGA committee investigating government spyware abuse.

Stelios Kouloglou, a Greek former member of the European Parliament who spent two years on a committee investigating government spyware abuse, had his own iPhone hacked with NSO Group's Pegasus spyware while the inquiry was underway. Citizen Lab, the University of Toronto research group, published the findings on Friday.

Forensic evidence showed three separate infections: one in October 2022 and two in March 2023, all using Pegasus. The October infection occurred while Kouloglou was in hospital for a scheduled procedure. The March infections arrived within a day of each other as he traveled between Athens and Brussels during final negotiations on the committee's report.

Zero-Click Exploit and Unidentified Attacker

The exploit relied on an Apple vulnerability that had already been patched, but the patch had not been installed on Kouloglou's device. It was a zero-click method requiring no action from the target. Citizen Lab linked the infrastructure to a campaign previously used against journalists in Europe, pointing to an NSO government client rather than the company itself. However, no country has been identified as the operator, and Citizen Lab's report explicitly stops short of attribution.

  • Kouloglou served as a substitute member of the PEGA committee, formed in 2022 to examine Pegasus and similar spyware across EU member states.
  • He told researchers he only learned of the infections in May after a lawyer referred him to Citizen Lab for a phone check.
  • NSO Group did not respond to requests for comment from Citizen Lab or reporters.
  • The European Parliament did not address Kouloglou's situation directly but said spyware-screening tools have been available to members since 2022.
  • A follow-up report adopted by parliament last month called for extending that screening to every device MEPs use for parliamentary business.

Implications for Democratic Institutions

Kouloglou called the intrusion "reckless" and said he intends to sue NSO Group. German MEP Hannah Neumann called for parliament to finally implement the committee's original recommendations, which have largely sat untouched since 2023. Ron Deibert, Citizen Lab's director, described the case as "ironic" given Kouloglou's role investigating the same technology used against him, and warned that an unregulated spyware industry corrodes trust in democratic institutions.

The PEGA committee's 2023 report concluded that Pegasus and comparable tools were misused in Poland, Hungary, Greece and Spain, and called for tighter EU-wide controls on their sale and use. Little of that has translated into binding law. A separate case out of Bulgaria, where leaked export licenses showed a Sofia-based NSO affiliate shipping surveillance equipment to intelligence agencies from Azerbaijan to the UAE, suggests the enforcement gap has only widened. Even outside the Pegasus market, cheaper commercial spyware sold to European law enforcement, like the fake WhatsApp app built by Italy's SIO, shows how far the underlying problem has spread beyond a single vendor. Kouloglou's case adds a personal detail to what has largely been an abstract policy fight, demonstrating that the people who documented spyware abuse were plausible targets for the tool they were scrutinizing.

Fact check

  • Stelios Kouloglou's iPhone was infected with Pegasus spyware three times while he served on the PEGA committee. (verified)
  • The infections occurred in October 2022 and March 2023. (verified)
  • The exploit used a zero-click method requiring no action from the target. (verified)
  • No country has been identified as the operator of the attack. (verified)
  • The PEGA committee's 2023 report concluded Pegasus was misused in Poland, Hungary, Greece and Spain. (verified)
