DMR News

Advancing Digital Conversations

Former EU Lawmaker Investigating Pegasus Was Hacked With the Spyware

ByJolyen

Jul 5, 2026

Former EU Lawmaker Investigating Pegasus Was Hacked With the Spyware

Citizen Lab has confirmed that former European Parliament member Stelios Kouloglou was repeatedly hacked with NSO Group’s Pegasus spyware while serving on a committee investigating surveillance abuses. Researchers said the infections may have exposed confidential documents, private communications and internal committee deliberations.

Kouloglou, a Greek investigative journalist and former politician, served as a substitute member of the European Parliament’s PEGA Committee from March 2022 to July 2023. The committee examined the use of Pegasus and similar commercial spyware across the European Union.

Attacks Coincided With Committee Deliberations

Citizen Lab said in its official report that Kouloglou’s iPhone was infected around October 21, 2022, and again on March 6 and 7, 2023. The first infection occurred as committee members were exchanging messages and emails about hearings, country visits and an initial report covering alleged spyware abuses in Cyprus, Greece, Hungary, Poland and Spain.

Kouloglou was in hospital for planned surgery during the October attack. Citizen Lab said Pegasus may have been able to access health information, conversations in his room, messages, photographs, location data and other information stored on the phone.

The March infections occurred as Kouloglou travelled from Athens to Brussels during discussions about the committee’s final report. The PEGA Committee adopted its first report about two months later.

Zero-Click Exploit Required No User Action

Researchers said the attacker used PWNYOURHOME, a zero-click exploit targeting Apple’s HomeKit and messaging software. The method allowed Pegasus to compromise the device without Kouloglou clicking a link or opening a malicious file.

Apple later patched the vulnerabilities involved. Kouloglou also received several Apple warnings about possible mercenary spyware targeting in 2023 and 2024, although he told researchers that he did not remember seeing them.

Citizen Lab did not identify the government or agency responsible and said it found no evidence linking the attack to the Greek government. However, researchers found that the October infection used the same malicious email address connected to an earlier Pegasus campaign against Russian and Belarusian journalists and activists living in Europe.

That overlap suggests the same NSO Group customer may have been authorised to conduct surveillance in several European countries. Citizen Lab could not determine whether the March attacks came from the same operator.

Kouloglou Plans Legal Action

Kouloglou described the compromise as reckless and said he believed his committee work was the likely reason he was targeted. He told TechCrunch that he plans to sue NSO Group.

The European Parliament said its security teams regularly monitor threats and that spyware-screening tools have been available to lawmakers since 2022. Citizen Lab called for an immediate investigation and urged former PEGA members and staff to submit their devices for forensic examination.


Featured image credits: Olivier Hansen via Wikimedia Commons
For more stories like it, click the +Follow button at the top of this page to follow us.

Jolyen

As a news editor, I bring stories to life through clear, impactful, and authentic writing. I believe every brand has something worth sharing. My job is to make sure it’s heard. With an eye for detail and a heart for storytelling, I shape messages that truly connect.

Leave a Reply

Your email address will not be published. Required fields are marked *