Cybersecurity

Pegasus Spyware Targets European Parliament Investigator’s Phone

Stelios Kouloglou, a Greek member of the European Parliament’s PEGA Committee investigating Pegasus spyware abuses, was hacked multiple times with the very spyware under scrutiny, according to a forensic report by Citizen Lab. This unprecedented breach highlights a stark reality: even lawmakers probing spyware misuse are not immune to its invasive reach.

What Happened

In 2022, Kouloglou was actively involved in the PEGA Committee, a parliamentary body established to investigate the rampant use of the Pegasus spyware and similar tools against politicians, journalists, and public officials. During his investigation, Kouloglou’s iPhone became a target of Pegasus malware infections on several occasions, including an initial breach confirmed on October 21, 2022, while he was recovering from surgery in hospital.

Citizen Lab’s detailed analysis found multiple infections extending into March 2023, precisely when the committee was preparing for critical hearings and finalizing its findings on spyware abuses. The spyware, developed by the Israeli NSO Group, enabled unauthorized access to Kouloglou’s device, potentially compromising confidential information related to the committee’s work.

Key Facts

Citizen Lab’s report, published in mid-2026, revealed that:

  • Kouloglou’s phone was infected by Pegasus spyware at least twice, in late 2022 and early 2023.
  • Attacks coincided with key parliamentary activities investigating spyware abuse.
  • The spyware can access microphones, cameras, messages, contacts, and browsing data on iOS and Android devices.
  • Apple issued notifications alerting Kouloglou to possible spyware targeting on three occasions from March 2023 through April 2024, though he did not recall seeing them.
  • Citizen Lab could not definitively attribute the attacks to any government or entity, but found no indication implicating the Greek government.
  • NSO Group, the Pegasus developer, has denied prior allegations of misuse and did not comment on this specific case.
  • The findings mark the first known targeting of a PEGA Committee member by the spyware under investigation.

What This Means

The infection of an EU lawmaker’s phone during a parliamentary investigation represents a profound threat to democratic oversight and privacy protections. If spyware operators can infiltrate the devices of those tasked with exposing abuses, this undermines the integrity and confidentiality of parliamentary processes. It raises alarming questions about the security measures in place to protect elected officials from sophisticated cyber threats.

The revelations vividly illustrate how spyware has evolved from isolated attacks into pervasive digital weapons capable of targeting even the most security-conscious individuals. For European citizens, this incident signals vulnerabilities in digital sovereignty and governance, underscoring the urgent need for more robust cybersecurity frameworks, better spyware detection tools, and coordinated policy responses to limit surveillance abuses.

Background

Pegasus spyware first surfaced publicly in 2016 through Citizen Lab’s investigations, exposing a powerful mobile malware capable of remote device exploitation. Subsequent leaks, including the 2021 Pegasus Project, revealed widespread global abuses targeting at least 180 journalists alongside politicians and activists. This prompted the European Parliament to form the PEGA Committee in 2022 to examine the spyware’s deployment within and beyond Europe.

Simultaneously, Greece experienced a separate spyware scandal involving Predator spyware, highlighting a regional pattern of digital surveillance escalating around political and journalistic targets.

Analysis

John Scott-Railton, senior researcher at Citizen Lab, described the spyware targeting of Kouloglou as emblematic of how unabated spyware campaigns threaten lawmakers everywhere. “It’s open spyware season on Europe’s lawmakers,” he said, warning that neither the European Parliament nor national legislatures are adequately prepared.

MEP Saskia Bricmont, also a member of the PEGA Committee, condemned the attack as a direct assault on the rule of law and parliamentary integrity. Fellow committee member Hannah Neumann emphasized the absurdity of investigators being spied upon, calling for expedited adoption of the committee’s recommendations.

What Remains Unclear

The exact perpetrator behind the spyware infections remains unknown; Citizen Lab found no conclusive evidence linking these breaches to any specific state or actor. It is also unclear whether other PEGA Committee members faced similar attacks or if all those affected have been made aware of the compromises.

Details regarding the full scope of data accessed from Kouloglou’s device have not been publicly disclosed.

What Comes Next

In response to such threats, the European Parliament reportedly operates an internal spyware screening system available to members. However, critics note that few of the PEGA Committee’s proposed initiatives—such as creating a dedicated EU forensic tech lab and establishing election spyware taskforces—have been implemented. Advocates urge urgent action to adopt stronger protective measures and regulatory frameworks to mitigate spyware risks moving forward.

Sources

This article is based on reporting and publicly available information from the following sources:

Read more Cybersecurity stories on Goka World News.

Ethan Clarke
About the editor

Ethan Clarke

Ethan Clarke Role: Cybersecurity Editor Ethan Clarke covers cybersecurity incidents, data breaches, online threats, ransomware, software vulnerabilities, and digital safety. His reporting focuses on confirmed details, affected systems, official advisories, and practical context without making unsupported accusations.

View all posts by Ethan Clarke