Pegasus Spyware Infected EU Parliament Member Probing Surveillance Abuses
A former European Parliament member, Stelios Kouloglou, was repeatedly infected with Pegasus spyware while serving on a committee investigating the misuse of such surveillance tools.

A phone belonging to Stelios Kouloglou, a former member of the European Parliament, was infected with the potent Pegasus spyware on two separate occasions in October 2022 and March 2023. These intrusions occurred while Kouloglou was actively participating in the Parliament's Pega-committee, a body tasked with investigating the widespread abuse of commercial spyware across Europe. The timing of these attacks, particularly the second infection occurring just before the committee prepared to release its findings, raises serious concerns about potential state-sponsored surveillance aimed at silencing critics and disrupting legislative oversight.
The Pega Committee ultimately released its recommendations in May 2023, but Kouloglou and other experts, including Citizen Lab researcher John Scott-Railton, have expressed dismay at the European Commission's perceived inaction on the committee's findings. Scott-Railton warned that such incidents are likely to continue, stating, "I know what the next chapter of this story is — it's going to be more hacked members of parliament, and I would bet that there are members of the European Parliament today walking around with no idea that their phone in their pocket has been turned into a spy."
Kouloglou, a former investigative reporter, has publicly stated his belief that the Greek government is responsible for the hacks, although Citizen Lab has not indicated any evidence to support this specific attribution. Greece has previously been implicated in spyware scandals, though those incidents involved technology from Intellexa, not the NSO Group, the developer of Pegasus. NSO Group, like other commercial spyware vendors, typically asserts that its products are sold only for legitimate law enforcement and counter-terrorism purposes.
Further analysis by Citizen Lab suggests a connection between the attacks on Kouloglou and a series of spyware infections targeting seven Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023. The same unique email used to target Kouloglou was also employed in these earlier Belarusian and Russian attacks. This overlap, coupled with the fact that only certain Pegasus customers have licenses for multi-country operations, strongly implies that the same government entity is responsible for both sets of attacks.
The digital forensics report indicates that Kouloglou's phone was brought to Citizen Lab for examination in May 2026. Researchers discovered evidence that Kouloglou had received three Apple threat notifications regarding potential spyware infections in recent years, which he had not seen. The fact that a member of a committee specifically investigating spyware abuses was targeted underscores the pervasive threat that such tools pose to democratic processes and political discourse.
Hannah Neumann, a German Green Party representative and negotiator on the PEGA Committee, emphasized the gravity of the situation, stating, "It shows a total disregard for Parliamentarians’ role to scrutinize and, as such, for European democracy." She criticized the European Commission's failure to act on the committee's recommendations, attributing it to national governments valuing the intelligence and law enforcement capabilities offered by spyware. Neumann lamented the "absurd" inaction, contrasting the purported security benefits of spyware with its actual undermining of security.
Kouloglou has announced his intention to sue NSO Group over the intrusions. He described the profound personal impact of the breach, noting that his phone contained "15 years of photos, messages, you name it, messages with the prime ministers, with the members, the leaders of the different political parties and journalists. … Everything."
The new article reveals that the spyware infections on Stelios Kouloglou, a substitute member of the European Parliament's PEGA Committee, occurred twice in 2022 and 2023 during critical periods of the committee's work. These infections happened while the committee was preparing for significant hearings and drafting its final report, underscoring the sensitive nature of the information potentially targeted.