Former EU lawmaker probing spyware was hacked with Pegasus, researchers say
Citizen Lab said Stelios Kouloglou’s iPhone was infected at least three times during his work on the European Parliament’s spyware inquiry.
By Daniel Okafor · Business Editor
3 min read
A former European Parliament member who helped investigate the use of commercial spyware in the European Union had his own phone compromised with Pegasus, according to Citizen Lab. The finding raises questions about whether confidential parliamentary work on spyware abuse may have been exposed to an unknown operator.
Citizen Lab, a research group based in Toronto, said Friday that the iPhone of Stelios Kouloglou, a Greek investigative journalist and former MEP, was infected at least three times in 2022 and 2023. Kouloglou served in the European Parliament from 2015 to 2024, according to Al Jazeera.
The infections took place when Kouloglou was in Athens and Brussels, Citizen Lab said. The group said the timing overlapped with his role on the European Parliament’s PEGA Committee, which was set up in 2022 to examine the unlawful use of Pegasus and other surveillance tools inside the EU.
Spyware inquiry targeted
The committee was created after disclosures that governments in the bloc had used Pegasus to monitor journalists, activists, politicians and other citizens, according to Al Jazeera. Citizen Lab said Kouloglou received Apple threat notifications warning of possible Pegasus attacks after the intrusions, but months after each incident.
Kouloglou asked Citizen Lab in May to carry out a forensic review of his phone, the group said. Al Jazeera said he did not immediately respond to its request for comment.
Citizen Lab did not identify who was behind the hacking. The group said it found no evidence indicating that the Greek government was responsible.
In its report, Citizen Lab said the case showed the risk that paid spyware tools pose to democratic institutions. The group said the infections may have exposed private communications among PEGA Committee members, staff and other sensitive parliamentary proceedings, including material linked to entities under review by the committee.
NSO Group under scrutiny
Pegasus is made and sold by NSO Group, an Israeli cyber company based in Herzliya, according to Al Jazeera. The tool can give an operator covert access to a phone’s messages, photos, contacts, camera and microphone, Al Jazeera reported.
NSO Group says Pegasus is intended for law enforcement and intelligence agencies pursuing criminal groups, according to Al Jazeera. The spyware has also been used against journalists, lawyers, dissidents and government officials, Al Jazeera reported.
The administration of US President Joe Biden blacklisted NSO Group in 2021, saying the company had acted against US foreign policy and national security interests, according to Al Jazeera. A US judge last year also barred NSO Group from targeting WhatsApp, finding that its software caused direct harm, Al Jazeera reported.
NSO Group did not immediately respond to Al Jazeera’s request for comment. The company has previously said it screens customers carefully and has ended contracts with clients found to have misused its products.
The European Commission also did not immediately respond to inquiries, according to Al Jazeera.
Rand Hammoud, director of the security, surveillance and human rights programme at the Center for Democracy and Technology Europe, told Al Jazeera that the reported targeting of a PEGA Committee member raised serious concerns for democratic oversight in Europe. Hammoud described the attacks as part of a wider failure to control the commercial spyware market.
German MEP Hannah Neumann, who also served on the PEGA Committee, said on X that the European Parliament should investigate the breaches immediately. Neumann wrote that spyware weakens democratic oversight, parliamentary independence and the rule of law.
This story draws on original reporting from Al Jazeera.