
EU lawmaker probing Pegasus spyware was himself targeted with Pegasus, report finds
A former MEP tasked with investigating Pegasus spyware was infected multiple times while serving on the very committee looking into its abuse, Citizen Lab reveals.
The hacking of Kouloglou
Stelios Kouloglou, a Greek journalist and former MEP, was infected with Pegasus spyware at least three times between October 2022 and March 2023, according to a Citizen Lab report released on 3 July 2026. The infections occurred while he served on the European Parliament's PEGA Committee, the body established to investigate illegal spyware use in the EU.
I was not expecting that a PEGA member would be spied on by Pegasus. I was not expecting that they would be as reckless as that.
Forensic analysis of his iPhone in May 2026 found traces of the spyware on two occasions: 21 October 2022 and 6-7 March 2023. Apple also sent threat notifications to Kouloglou on 2 March 2023, 29 August 2023, and 10 April 2024, months after the breaches.
The committee's work undermined
The first infection coincided with preparations for research missions to Greece, Cyprus and Spain, and occurred while Kouloglou was in hospital receiving a visit from journalist Thanasis Koukakis, another spyware victim. The second struck as Kouloglou traveled to Brussels to finalise the committee's report. The spyware could have exposed private emails, text messages and other confidential parliamentary communications.
Without a doubt the hacking had to do absolutely with my status as member of the PEGA Committee.
- First Pegasus infection of Kouloglou's iPhone
- Apple sends threat notification of possible Pegasus breach
- Second Pegasus infection while traveling to Brussels for final report discussions
- Citizen Lab publishes report identifying the hacks
No attribution yet, but clues
Citizen Lab did not attribute the hacking to a specific government. It found no evidence that the Greek government was responsible. However, the report notes overlaps with a previously documented Pegasus campaign targeting exiled Russian- and Belarusian-speaking journalists and activists in Europe, suggesting an NSO Group customer authorised to deploy the tool across multiple European countries may be behind the operation.
Reactions and consequences
NSO Group did not comment on the findings. The European Parliament said spyware screening tools have been available to all lawmakers since 2022 and a recent report called for their extension to all devices used for parliamentary business. Citizen Lab senior researcher John Scott-Railton described the episode as emblematic of pervasive spyware abuse.
It's open spyware season on Europe's lawmakers.
The revelation marks the first publicly documented case of an active PEGA Committee member being targeted with Pegasus while investigating the very same technology. NSO remains blacklisted by the US government and recently lost a legal battle to Meta over WhatsApp hacking.


