EU Lawmaker Who Probed Spyware Abuse Had Phone Hacked With Pegasus, Citizen Lab Finds
Citizen Lab found forensic evidence that Stelios Kouloglou's iPhone was infected with Pegasus spyware three times while he served on the European Parliament's PEGA committee investigating government spyware abuse.
Stelios Kouloglou, a Greek former member of the European Parliament who spent two years on a committee investigating government spyware abuse, had his own iPhone hacked with NSO Group's Pegasus spyware while the inquiry was underway. Citizen Lab, the University of Toronto research group, published the findings on Friday.
Forensic evidence showed three separate infections: one in October 2022 and two in March 2023, all using Pegasus. The October infection occurred while Kouloglou was in hospital for a scheduled procedure. The March infections arrived within a day of each other as he traveled between Athens and Brussels during final negotiations on the committee's report.
Zero-Click Exploit and Unidentified Attacker
The exploit relied on an Apple vulnerability that had already been patched, but the fix had not been installed on Kouloglou's device. It was a zero-click method requiring no action from the target. Citizen Lab linked the infrastructure to a campaign previously used against journalists in Europe, pointing to an NSO government client rather than the company itself. However, no country has been identified as the operator, and Citizen Lab's report explicitly stops short of attribution.
- Kouloglou served as a substitute member of the PEGA committee, formed in 2022 to examine Pegasus and similar spyware across EU member states.
- He told researchers he only learned of the infections in May after a lawyer referred him to Citizen Lab for a phone check.
- NSO Group did not respond to requests for comment from Citizen Lab or reporters.
- The European Parliament did not address Kouloglou's situation directly but said spyware-screening tools have been available to members since 2022.
- A follow-up report adopted by parliament last month called for extending that screening to every device MEPs use for parliamentary business.
Implications for Democratic Institutions
Kouloglou called the intrusion "reckless" and said he intends to sue NSO Group. German MEP Hannah Neumann called for parliament to finally implement the committee's original recommendations, which have largely sat untouched since 2023. Ron Deibert, Citizen Lab's director, described the case as "ironic" given Kouloglou's role investigating the same technology used against him, and warned that an unregulated spyware industry corrodes trust in democratic institutions.
The PEGA committee's 2023 report concluded that Pegasus and comparable tools were misused in Poland, Hungary, Greece and Spain, and called for tighter EU-wide controls on their sale and use. Little of that has translated into binding law. A separate case out of Bulgaria, where leaked export licenses showed a Sofia-based NSO affiliate shipping surveillance equipment to intelligence agencies from Azerbaijan to the UAE, suggests the enforcement gap has only widened. Even outside the Pegasus market, cheaper commercial spyware sold to European law enforcement, like the fake WhatsApp app built by Italy's SIO, shows how far the underlying problem has spread beyond a single vendor. Kouloglou's case adds a personal detail to what has largely been an abstract policy fight, demonstrating that the people who documented spyware abuse were plausible targets for the tool they were scrutinizing.
Fact check
- Stelios Kouloglou's iPhone was infected with Pegasus spyware three times while he served on the PEGA committee. (verified)
- The infections occurred in October 2022 and March 2023. (verified)
- The exploit used a zero-click method requiring no action from the target. (verified)
- No country has been identified as the operator of the attack. (verified)
- The PEGA committee's 2023 report concluded Pegasus was misused in Poland, Hungary, Greece and Spain. (verified)
Source reporting (4)
- The Next Web · EU lawmaker who investigated spyware abuse was hacked with Pegasus
- TechCrunch · Politician who investigated spyware abuses had his phone hacked with Pegasus spyware
- WIRED · EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones
- CyberScoop · Someone infected a spyware probe overseer with spyware