EU Lawmaker Investigating Pegasus Spyware Was Secretly Hacked During Probe

A former European Parliament lawmaker investigating Pegasus spyware abuses was reportedly targeted with the same surveillance tool while serving on the PEGA Committee, raising new concerns over digital privacy and government spyware.

Jul 3, 2026 - 08:41
 1
EU Lawmaker Investigating Pegasus Spyware Was Secretly Hacked During Probe
Image Credit: Chatgpt

Security researchers have confirmed that a European politician was infected with Pegasus spyware while serving on a parliamentary committee investigating the misuse of the surveillance technology. The discovery has reignited concerns about governments' use of sophisticated spyware to monitor journalists, politicians, and critics.

Researchers at The Citizen Lab, the digital rights research group based at the University of Toronto, said that Greek journalist and former politician Stelios Kouloglou had his iPhone compromised during 2022 and 2023. According to the researchers, this is the first publicly confirmed case involving a member of the European Parliament’s PEGA committee—the body established to investigate spyware attacks allegedly carried out by European governments.

One current member of the European Parliament described the compromise of Kouloglou’s phone as a “direct attack on the rule of law” and urged the European Commission to introduce stronger restrictions governing the use of spyware throughout the European Union’s 27 member states.

Although lawmakers have only rarely been targeted with spyware, the timing of the attack has drawn particular attention. The alleged surveillance occurred while Kouloglou was helping investigate the very technology used to compromise his device, raising fresh questions about whether spyware intended for fighting serious crime has instead been deployed against journalists, elected officials, and political critics.

Citizen Lab did not identify which government was responsible for the attack. However, researchers said the Pegasus operator used the same email address previously linked to another campaign that targeted journalists across Europe. While the customer behind the attacks remains unknown, Citizen Lab noted that the reuse of the same Pegasus infrastructure suggests the operator had authorisation from NSO Group to deploy the spyware across multiple European countries.

In its report released on Friday, Citizen Lab said Kouloglou’s phone was first compromised in October 2022 and then infected at least twice more during March 2023 through an exploit targeting a vulnerability in Apple’s iPhone software. Although Apple had already released a security update addressing the flaw, the patch had not yet been installed on Kouloglou’s device. Researchers described the attack as a “zero-click” exploit, meaning the spyware was installed without requiring the victim to click a link or perform any action.

The exploit exploited a previously identified weakness in Apple’s smart home software on iPhones. According to Citizen Lab, the vulnerability enabled Pegasus to silently extract sensitive information from the device, including text messages, private communications, location information, photographs, and other personal data.

The timing of the October 2022 compromise also coincided with extensive email and text message discussions taking place during October and November, as the PEGA committee prepared an initial draft report examining alleged spyware abuses in Cyprus, Greece, Hungary, Poland, and Spain.

Citizen Lab also noted that the October intrusion occurred while Kouloglou was in hospital undergoing a scheduled surgical procedure. Researchers suggested that the spyware operators may have captured ambient conversations related to his medical care or to discussions with visitors during his stay.

According to the report, the same Pegasus operator compromised Kouloglou’s phone again on March 6 and 7, 2023, while he travelled from Athens to Brussels. Those attacks took place during a period of parliamentary committee hearings and only months before the committee finalised its written report.

Speaking by phone, Kouloglou said he believes he was targeted because of his role on the European Parliament committee investigating Pegasus spyware.

He said discovering that his phone had been compromised left him deeply upset.

“You realise all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments,” he said.

Kouloglou also confirmed that he intends to file legal action against NSO Group, the Israeli spyware developer behind Pegasus. The company remains largely prohibited from doing business with the U.S. government following an executive order issued during the Biden administration that banned the use of commercial spyware found to pose risks to human rights.

Last year, NSO Group acknowledged that an unnamed American investment group had injected tens of millions of dollars into the company, a move widely viewed as part of broader efforts to rebuild the firm’s reputation after years of controversy surrounding alleged human rights abuses linked to its technology.

Kouloglou said he chose to speak publicly about the incident because he believes it affects democratic institutions and public accountability.

“I’m doing this for democracy, human rights, and the fight against corruption,” he said.

“Corruption concerns everybody.”

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0
Shivangi Yadav Shivangi Yadav reports on startups, technology policy, and other significant technology-focused developments in India for TechAmerica.Ai. She previously worked as a research intern at ORF.