EU Parliament Spyware Investigator Hacked with Pegasus

Original: Espionage Against the European Parliament

Why This Matters

Confirms commercial spyware was used to surveil an EU body actively investigating that same spyware, raising urgent questions about parliamentary immunity and democratic oversight.

Citizen Lab reports that former MEP Stelios Kouloglou was repeatedly infected with NSO Group's Pegasus spyware while serving on the EU Parliament's PEGA Committee, which was established to investigate Pegasus abuses in Europe. The infections occurred during key committee activities between March 2022 and July 2023.

On July 3, 2026, the Citizen Lab at the University of Toronto published Report 194 revealing that Stelios Kouloglou — a former Greek MEP and investigative journalist — was hacked multiple times with NSO Group's Pegasus spyware while serving as a substitute member of the European Parliament's PEGA Committee (March 24, 2022 – July 18, 2023). The PEGA Committee was established in March 2022 to investigate the use of Pegasus and equivalent spyware by European governments following the 2021 Pegasus Project revelations. Through forensic analysis of Kouloglou's device, Citizen Lab determined that attackers likely gained access to confidential documents and committee deliberations, potentially breaching EU parliamentary confidentiality and privilege frameworks. The researchers did not attribute the infections to a specific government and found no evidence of Greek government involvement. However, they noted an overlap between the first infection and a previously identified Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe, suggesting a Pegasus customer authorized to operate across multiple European countries is responsible. Authors include John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Kate Pundyk, Siena Anstis, and Ron Deibert.

Source

citizenlab.ca — Read original →