MEP Investigating Spyware Hacked with Pegasus β Again
A former member of the European Parliament, **Stelios Kouloglou**, was repeatedly targeted and infected with **Pegasus** spyware while serving on the very committee tasked with investigating the technology's misuse. Digital forensic researchers at **Citizen Lab** confirmed the infections, highlighting a profound disregard for democratic oversight and raising serious questions about the ongoing threat of commercial spyware.
# MEP Investigating Spyware Hacked with Pegasus β Again
A phone belonging to **Stelios Kouloglou**, a former member of the European Parliament, was targeted and infected with **Pegasus** spyware multiple times during his tenure on the parliamentary committee probing the technologyβs misuse. This concerning development was revealed in a new report from **Citizen Lab**.
**Kouloglou's** device, a powerful zero-click spyware, was compromised in October 2022 and again in March 2023. At the time of these infections, the so-called **PEGA Committee**, which included **Kouloglou**, was conducting sensitive work related to its planned recommendations for tackling the rampant abuse of commercial spyware in Europe.
## A Threat to Democratic Scrutiny
The **PEGA Committee** released its recommendations in May 2023, but the European Commission has largely ignored them. **Citizen Lab** researcher **John Scott-Railton**, along with dozens of politicians and experts, has called this inaction inexcusable.
**Scott-Railton** warned of future incidents, stating, βI know what the next chapter of this story is β it's going to be more hacked members of parliament, and I would bet that there are members of the European Parliament today walking around with no idea that their phone in their pocket has been turned into a spy.β
**Kouloglou**, a longtime investigative reporter, suspects the Greek government is responsible for the hacks, though **Citizen Lab** found no direct indications to support this. Greece has previously been embroiled in a spyware scandal involving **Intellexa** technology, not **NSO Group's Pegasus**.
A spokesperson for the **NSO Group**, the company behind **Pegasus**, did not respond to requests for comment. Commercial spyware makers typically claim their products are limited to criminal investigations and anti-terrorism operations.
## Link to Other Incidents
**Citizen Lab** believes the same **Pegasus** customer is responsible for both the 2022 **Kouloglou** incident and a series of spyware infections revealed in a May 2024 report. The latter incidents involved attacks on devices belonging to seven Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023.
Crucially, the same email used for targeting **Kouloglou** was deployed in the Belarusian and Russian attacks during the same timeframe. **Citizen Lab** notes that emails used for targeting are unique to specific operators, strongly suggesting the same government is behind both sets of hacks.
Only a limited number of **Pegasus** customers have licensing that permits hacks in multiple countries, further narrowing the pool of potential culprits.
**Kouloglou** brought his phone to **Citizen Lab** in May 2026. Researchers found evidence that he had received three **Apple** threat notifications about potential spyware in recent years, which he reported never seeing.
## 'Total Disregard' for European Democracy
While phones of European Parliament members have been compromised before, the fact that this hack targeted a member of the committee specifically investigating **Pegasus** is particularly alarming. **Hannah Neumann**, a representative of the Green Party from Germany and negotiator on the **PEGA Committee**, emphasized how spyware poses a direct threat to democracy.
βThe country responsible spied on a member of the European Parliament while that member was investigating spyware abuse,β **Neumann** said. βIt shows a total disregard for Parliamentariansβ role to scrutinize and, as such, for European democracy.β
The initial spyware attack on **Kouloglou's** phone occurred during a critical period for the **PEGA Committee**, less than a week before a series of hearings and as a draft report was being prepared. The second attack also coincided with intense discussions among committee members about the final report.
**Neumann** has expressed frustration with the European Commissionβs inaction on spyware, fearing that even this latest episode will not lead to the implementation of the committeeβs proposed reforms. She attributes the Commission's failure to act to national governments valuing spyware's intelligence and law enforcement uses.
βItβs totally absurd that nothingβs being done, but still there is this fake notion of spyware contributing to security, when in fact it undermines security,β **Neumann** concluded.
For his part, **Kouloglou** plans to sue **NSO**. He remarked on the profound loss and invasion of privacy: βIn my phone, there were 15 years of photos, messages, you name it, messages with the prime ministers, with the members, the leaders of the different political parties and journalists. β¦ Everything.β