Back to Home
Public Affairs
4 Juli 2026
1

European Politician Investigating Spyware Hacked with Pegasus

This incident represents a severe escalation in the ongoing battle against commercial spyware, demonstrating a willingness to target even those tasked with investigating its abuses. It directly undermines democratic processes and the ability of elected officials to conduct their duties without fear of illicit surveillance. The lack of accountability for such attacks poses a significant threat to privacy, human rights, and the integrity of governmental oversight in the digital age.

By NeuraFeed

European Politician Investigating Spyware Hacked with Pegasus

A European politician, Stelios Kouloglou, had his iPhone repeatedly compromised by NSO Group's Pegasus spyware while serving on an EU committee investigating spyware abuses. The attacks occurred during critical periods of the committee's work, raising significant concerns about the integrity of democratic oversight and the rule of law. This marks the first publicly identified instance of a member of the European Parliament's PEGA Committee being targeted with the very surveillance tool they were scrutinizing.

A Spy in the House of Investigators

In a startling revelation, Stelios Kouloglou, a former member of the European Parliament and a Greek investigative journalist, had his iPhone repeatedly hacked with Pegasus spyware during 2022 and 2023. This occurred while Kouloglou was actively serving on the European Parliament's PEGA Committee, a body specifically established to investigate the pervasive misuse of Pegasus and similar surveillance technologies. The timing of these intrusions, which coincided with key hearings and the drafting of the committee's reports, suggests a deliberate attempt to compromise the investigation itself.

The Citizen Lab, a research group at the University of Toronto, conducted a forensic analysis of Kouloglou's device, confirming the presence of the sophisticated spyware. This marks the first public identification of a PEGA Committee member being targeted with spyware while actively investigating surveillance tool abuses. The attacks utilized "zero-click" vulnerabilities in Apple's software, meaning Kouloglou's phone was compromised silently without any interaction from him.

Pegasus: A Tool of Intrusion and Controversy

Pegasus, developed by the Israeli company NSO Group, is a highly advanced cyber espionage software sold exclusively to governments and law enforcement agencies with the stated purpose of combating serious crime and terrorism. However, numerous reports have consistently shown its deployment against journalists, activists, political opponents, and even government officials worldwide. The spyware grants its operators extensive control over a target's phone, allowing remote access to messages, photos, contacts, and the ability to secretly activate the camera and microphone.

The revelations surrounding Pegasus led to the formation of the PEGA Committee in March 2022, following widespread media reports, including the Pegasus Project, which exposed how governments were using the spyware to surveil civil society members. The committee's mandate was to investigate the scope of spyware usage in contravention of EU law. The hacking of Kouloglou's phone during his tenure on this committee underscores the audacious nature of these surveillance operations and the significant challenges in regulating such powerful tools.

Implications for Democracy and Oversight

The targeting of a politician actively investigating spyware abuses has ignited outrage among European lawmakers. Members of the European Parliament have described the intrusion as a "direct attack on the rule of law" and a threat to democratic oversight. The potential for the spyware to have captured non-public information about committee activities, including confidential documents and internal deliberations, raises serious concerns about breaches of EU parliamentary confidentiality and privilege frameworks.

While Citizen Lab's report did not attribute the attacks to a specific government, it noted similarities between the first infection and a previous campaign targeting exiled Russian and Belarusian journalists and activists in Europe. Kouloglou himself has stated his intention to sue NSO Group, calling the hacking "reckless" and directly linked to his work. This incident highlights the urgent need for stricter regulations on spyware within the 27-member EU bloc, as previous recommendations for a spyware taskforce have yet to be adopted.