Tue 07 Jul 2026 / 09:09 ET
Kernel
Internet 3 min read

Pegasus hit an EU lawmaker investigating Pegasus, researchers say

Citizen Lab says former MEP Stelios Kouloglou’s iPhone was infected during the European Parliament’s spyware inquiry.

Dana Voss

By Dana Voss / Security Correspondent

Pegasus hit an EU lawmaker investigating Pegasus, researchers say
img: WIRED

Stelios Kouloglou was helping the European Parliament investigate commercial spyware when his own iPhone was compromised with Pegasus, according to a new forensic report from the University of Toronto’s Citizen Lab.

Kouloglou, a Greek politician and longtime investigative journalist who served as a member of the European Parliament from 2015 to 2024, sat on the Parliament’s PEGA Committee in 2022. The committee examined the use of Pegasus and similar tools against politicians, business figures, law enforcement officials, journalists and others. Citizen Lab says Kouloglou’s phone was infected during that work.

The finding is ugly in the obvious way: a surveillance tool under parliamentary scrutiny may have been used to spy on a member of the committee doing the scrutiny. Citizen Lab says it has not identified the government or entity responsible. The researchers also said they found no indication that the Greek government was involved.

Pegasus, made by the Israeli company NSO Group, is the kind of malware sold as lawful interception tooling and experienced by targets as a pocket-sized wiretap. Citizen Lab first documented it in 2016. The spyware uses vulnerabilities in mobile operating systems to get onto iOS and Android devices, then can access messages, contacts, browsing data, photos and other personal information, and can turn on microphones and cameras.

According to Citizen Lab, Kouloglou’s phone was first infected on October 21, 2022, while he was in a hospital recovering from elective surgery. Greek investigative journalist Thanasis Koukakis, who had previously been hacked with Predator spyware, visited him that day. In the following days, the PEGA Committee held hearings on spyware and human rights, and members including Kouloglou traveled to Cyprus and Greece as part of the inquiry.

Citizen Lab says the same iPhone was infected again on March 6 and March 7, 2023. Hannah Neumann, a Green MEP who served on the committee, told WIRED that the first compromise came as the group was approaching major hearings involving companies in the spyware business. She said the March 2023 infections aligned with the committee’s work on negotiations and findings.

Citizen Lab also found that Apple sent Kouloglou three threat notifications, in March 2023, August 2023 and April 2024, warning that he was likely being targeted with spyware. Such alerts are not real-time warnings. Kouloglou told WIRED he does not remember seeing them.

The researchers said the attacks on Kouloglou overlapped with Pegasus activity previously tied to seven Russian- and Belarusian-speaking journalists and activists between August 2020 and January 2023. That overlap does not name an operator, and Citizen Lab did not claim it proves attribution.

John Scott-Railton, a senior researcher at Citizen Lab, told WIRED that the case shows how exposed European lawmakers remain to commercial spyware. MEP Saskia Bricmont, another PEGA Committee member, said in a statement to WIRED that spyware use in this case threatened both individual rights and the integrity of parliamentary work.

NSO Group did not respond to WIRED’s requests for comment. The company was founded in Israel and remains headquartered there, though United States-based investors acquired a majority stake in 2025, according to the report.

A European Parliament spokesperson did not comment directly on Citizen Lab’s findings, WIRED reported, but said Parliament has a spyware screening system available to all MEPs and has recently adopted measures to expand protections.

Kouloglou and other MEPs told WIRED they worry other committee members may also have been targeted. They also pointed to recommendations from the PEGA Committee that remain unimplemented, including an EU-based technical lab for device forensics and a spyware task force for elections. The policy homework was assigned years ago. The phones, apparently, did not wait.

This story draws on original reporting from WIRED.

More Internet/

view all ↗