Pegasus spyware targeted EU lawmaker investigating surveillance abuses

03 July 2026 , 11:08
408     0
Pegasus spyware targeted EU lawmaker investigating surveillance abuses
Pegasus spyware targeted EU lawmaker investigating surveillance abuses

NSO Group’s hacking software was repeatedly used against a member of the European parliament while he was conducting an investigation of spyware abuses in Europe, according to a new report.

Researchers at the Citizen Lab at the University of Toronto said they could not attribute the attacks against Stelios Kouloglou to any particular government operator of Pegasus spyware. But their investigation found the attack against the Greek now-former MEP bore the hallmarks of a previous hacking campaign against exiled Russian and Belarusian journalists in Europe.

“When you realise your private life is scrutinised by very bad people, you become angry,” Kouloglou, who is also a journalist and left parliament in 2024, said in an interview. “It’s a big issue having to do with corruption, justice and democracy.”

At the heart of Citizen Lab’s new report lies Kouloglou’s work for a special European parliamentary committee known as Pega, which was established in March 2022 after the publication of the Pegasus Project by the Guardian and a consortium of media outlets.

The Pegasus Project revealed how journalists, activists, politicians and other members of civil society were being targeted by governments using Pegasus, which is made by the Israel-based NSO Group and sold to governments around the world for the purposes of stopping serious crime and terror attacks. Pega’s mission in 2022 was to investigate the scope of how spyware was being used in contravention of EU law.

Kouloglou, a journalist who was first elected to the European parliament as a member of the Syriza party, joined the Pega committee in March 2022. His mobile device was first infected, Citizen Lab said, about seven months later, on 21 October 2022, in what was described as a “particularly intense period of activity” in Pega’s deliberations and investigations, including the drafting of the committee’s first report.

NSO did not respond to a request for comment.

The hacking coincided with Kouloglou’s admittance to a hospital for elective surgery, where he was visited by a Greek investigative journalist, Thanasis Koukakis.

Koukakis was at the time working on mercenary spyware stories in Greece, following a major scandal known as the “Greek Watergate”, which involved the illegal targeting of more than 80 people in Greece, including politicians, journalists and military officials. Koukakis was among the targeted victims and had earlier testified about his experience in front of the Pega committee.

Kouloglou’s device was hacked again, Citizen Lab said, on 6 and 7 March 2023, when Pega was involved in intensive discussions related to the final drafting of its report. The hacking coincided with Kouloglou travelling from Athens to Brussels.

Citizen Lab said the revelations in their report marked the first time that a member of the Pega committee is known to have been targeted with spyware. And it comes as the committee’s recommendations have essentially been ignored, said John Scott-Railton, a senior researcher at Citizen Lab.

He said: “This case is the ultimate irony of Europe’s spyware crisis. Someone on the very committee tasked with investigating Pegasus gets infected by it. And what has happened since? The parliament looks the other way when new European spyware abuses emerge.

“I can tell you how the next chapter will go: more hacked parliamentarians. In fact, I suspect there are members voting and attending high-level meetings with no idea that their phone has been turned into a spy in their pocket.”

While Citizen Lab could not pinpoint the probable government client that used the spyware against the then MEP, researchers said they believed the same operator who targeted him also targeted seven Russian and Belarusian-speaking independent journalists and opposition activists based in Europe, who were found to have been targeted or infected with Pegasus spyware.

The researchers identified a unique Apple ID email used in the attacks, which suggests they were by the same government client. The client also probably had licences to operate in Belgium and Greece, Citizen Lab said.

Editorial Team

David Wilson

Politics Editor

Human rights, Journalists, Privacy, Surveillance, Spyware, Cybersecurity, Belgium, Greece, European Union, NSO Group, Pegasus spyware, European Parliament, Thanasis Koukakis, John Scott-Railton, Stelios Kouloglou

Read more similar news:

01.02.2023, 01:17 • News
UK and EU reach customs deal that could end Northern Ireland logjam, says report
01.02.2023, 11:15 • Politics
Rishi Sunak must suspend Dominic Raab during bullying inquiry says union chief
01.02.2023, 12:37 • Politics
Rishi Sunak blasted for Tory 'addiction to sleaze' and being 'weak' over Raab
01.02.2023, 18:01 • Politics
Dominic Raab could resign to avoid investigation into bullying, accusers fear
04.02.2023, 10:54 • Politics
Brexit geniuses stay silent as we lose out by £100bn per year
07.02.2023, 22:23 • World
Baby born after Syria earthquake brings gift of life amid death and destruction
09.02.2023, 12:05 • Sport
European Super League list 10 rules to implement in attack on Premier League
09.02.2023, 17:24 • Crime
Bungling ministers pay £2.3bn after allowing criminal gangs to flog cheap goods
09.02.2023, 18:46 • Politics
Pressure mounts on Rishi Sunak to send jets to Ukraine as EU leaders 'ready'
12.02.2023, 12:10 • Politics
Brexit 'failings' discussed at cross-party talks with minister Michael Gove