# A European Lawmaker Who Helped Probe Pegasus Spyware Just Found It On His Own Device

> Stefanos Kouloglou, who served on the European Parliament's PEGA Committee investigating Pegasus spyware, has been confirmed by Citizen Lab as a target of the same NSO Group malware, raising fresh alarm about surveillance of European lawmakers.

**Type:** article · **Category:** Security · **Published:** 2026-07-03 · **Source:** TrendKia
**Canonical:** https://trendkia.com/en/security/pegasus-spaiveyara-ki-paratala-karane-vale-sansada-ke-apane-phona-men-mila-yahi-jasusi-sophtaveyara-4334 · **Language:** English
**Tags:** Pegasus spyware, NSO Group, European Parliament, cyber espionage, Citizen Lab, Predator spyware, digital privacy

A Greek investigative journalist who spent nearly a decade in the European Parliament digging into the abuse of surveillance tools has just learned that his own phone was hacked with the very same spyware his committee was investigating. Stefanos Kouloglou, who served as a member of the European Parliament from 2015 to 2024, says he was blindsided when he found out his device had been compromised with Pegasus spyware, the surveillance tool built by Israeli firm NSO Group.

I was not expecting that, Kouloglou says of the moment he learned of the hack, describing a mix of shock and anger. Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus, it was something really too reckless, he says.

## A First For The PEGA Committee
The finding was published on Friday by the University of Toronto's Citizen Lab, and it marks the first time a member of the European Parliament's PEGA Committee, the body set up specifically to investigate Pegasus and similar spyware, has been confirmed as a target of Pegasus while actively serving on that committee. Citizen Lab documented that Kouloglou's phone was targeted not once but multiple times.

Researchers say they cannot conclusively identify which government or entity carried out the attacks. But they stress that whoever did it would have potentially gained access to internal information about the committee's work and conclusions, something that could breach European Parliament confidentiality rules as well as violate personal privacy.

John Scott-Railton, a senior researcher at Citizen Lab, says that even though the targeting happened a few years back, the episode captures just how widespread, and how bold, spyware abuse has become across Europe and beyond. It's open spyware season on Europe's lawmakers, he says. The European Parliament, national parliaments, nobody is prepared.

NSO Group, the company behind Pegasus, did not respond to requests for comment on the findings. The firm was founded in Israel and remains headquartered there, though investors based in the United States took a majority stake in the company in 2025.

## How Pegasus Triggered A European Investigation
Europe's probe into Pegasus and other spyware tools dates back to 2022, and it grew largely out of what became known as the Pegasus Project, a collaborative investigation by more than a dozen media organizations and non-governmental groups examining a massive leak of data tied to NSO Group. That data exposed just how extensively, and how widely, Pegasus was being used around the world, showing that at least 180 journalists were reportedly among those targeted. NSO Group disputed those findings at the time.

Around the same period, Greece was consumed by a separate spyware controversy of its own, locally nicknamed Greece's Watergate, in which dozens of well-known journalists along with government and military officials were targeted using Predator spyware, a tool developed by the company Intellexa.

At the time, researchers argued that the Pegasus Project made clear that fighting spyware abuse would require cooperation between governments and the private sector, along with coordinated policy action, since technology alone could not solve the problem.

## The Committee's Own Work Became A Target
The new Citizen Lab findings involving Kouloglou show precisely why that warning mattered. The use of spyware not only violates the fundamental rights of the individuals concerned, but in this case also threatens the security and integrity of parliamentary work and of the European Parliament as a whole, says Saskia Bricmont, an MEP who sits on the PEGA Committee. It is a direct attack on the rule of law.

Citizen Lab's research does not name any specific government behind the attacks on Kouloglou, and notably found no indication that Greece's government was involved. It did, however, uncover overlaps between the attacks on his phone and separate Pegasus operations against seven Russian and Belarusian speaking journalists and activists between August 2020 and January 2023.

They did not only target an MEP, they spied on the investigation into spyware abuse itself. That shows the whole absurdity of the situation, says Hannah Neumann, a Green MEP who also served on the spyware committee.

A spokesperson for the European Parliament did not directly address the findings when questioned about them, but pointed out that the Parliament maintains a spyware screening system open to all MEPs and has recently rolled out additional measures to strengthen protections.

## A Hospital Visit, Then Two More Infections
According to Citizen Lab's timeline, Kouloglou's phone was first infected on October 21, 2022, while he was in the hospital recovering from elective surgery. During that stay, he was visited by Thanasis Koukakis, a Greek investigative journalist who had previously been targeted with Predator spyware himself. The following week, the PEGA Committee held a series of hearings examining how spyware affects human rights, and members of the committee, Kouloglou among them, traveled to Cyprus and Greece as part of the broader investigation.

The attacks did not stop there. On March 6 and 7, 2023, Kouloglou's phone was infected with Pegasus again. Neumann notes that the first infection came right as the committee was heading into a run of key hearings, including sessions where companies operating in the spyware industry were questioned directly.

By the time of the second round of infections in March 2023, the committee was in the process of finalizing its findings and negotiating over them. Looking at the dates, it's pretty obvious that somebody was not just randomly spying on him, but really targeted the committee's work, Neumann says.

For Kouloglou, the discovery cut deeper than politics. I got angry because you realize that your private life, including messages not only with politicians, friends, but your personal life with relatives, kids, wives, et cetera has been monitored by somebody, he says. It's not a matter only about privacy, it's also a matter about justice, democracy and the corruption fight.

## Warnings That Went Unnoticed
As part of its forensic review, Citizen Lab found that Kouloglou's phone had received three separate notifications from Apple, in March 2023, August 2023 and April 2024, each warning that he was likely being targeted by spyware. Apple's alerts are not sent in real time, and Kouloglou says he has no memory of ever seeing them.

Kouloglou, along with other MEPs, says he is worried that additional members of the committee may have been targeted as well, and that key recommendations from the group, including the creation of an EU-based technical lab dedicated to forensic analysis of devices and a dedicated spyware taskforce for elections, still haven't been put into practice years after the committee wrapped up its report.

## Can You Please Now Do It
Scott-Railton argues that the lack of follow-through carries real risk. Europe has a mountain of spyware abuses, and nothing has happened, it's an embarrassment for European institutions, he says. It leaves Europeans unprotected even as AI promises to turbocharge the mercenary spyware threat by lowering costs and barriers to entry. He adds that some countries, including the United States, have already made headway against spyware abuse through tools like sanctions, visa bans and executive orders.

Neumann says the problem was never a lack of understanding. There is no lack of awareness of the problems that come with mercenary spyware, she says. That's what the Pegasus Committee wrote the whole report about. There is no lack of recommendations on how to fix it. It's just a matter of, can you please now do it?

## What this means for you
- **For everyone:** The case shows that powerful spyware like Pegasus can target not just journalists and activists but even lawmakers tasked with investigating spyware abuse.
- **For smartphone users:** It underlines why alerts from companies like Apple warning of possible spyware targeting should be taken seriously, since Kouloglou says he never noticed the three warnings sent to him.

## Questions & Answers

### 1. Whose phone was hacked with Pegasus spyware?
Stefanos Kouloglou's, who served as a member of the European Parliament from 2015 to 2024 and was part of the PEGA Committee.

### 2. Who makes Pegasus spyware?
The Israeli firm NSO Group developed Pegasus spyware.

### 3. When was Kouloglou's phone infected?
First on October 21, 2022, while he was in the hospital, and again on March 6 and 7, 2023.

### 4. Has it been established who was behind the attacks?
Citizen Lab has no conclusive evidence, found no indication of Greek government involvement, and noted overlaps with Pegasus attacks on Russian and Belarusian speaking journalists and activists.

### 5. Who owns NSO Group now?
The company was founded in Israel and is still headquartered there, but United States based investors acquired a majority stake in 2025.

### 6. What did the PEGA Committee recommend, and has it been adopted?
It recommended an EU based tech lab for forensic device analysis and a spyware taskforce for elections, but these have not been adopted years after the committee's report.

---
_TrendKia — Har trend, sabse pehle.. Machine-readable view; canonical HTML at the URL above._