Spyware found on phone of European Parliament member probing it
A phone belonging to a former member of the European Parliament was targeted and infected with Pegasus spyware multiple times during his tenure on the parliamentary committee probing the technology’s misuse, according to a report released Friday.
Stelios Kouloglou’s phone was infected with Pegasus, a powerful zero-click spyware, in October 2022 and again in March 2023, digital forensic researchers at the Citizen Lab assert in the report.
At the time of the infections, the so-called PEGA Committee, which included Kouloglou, was conducting sensitive work relating to its planned recommendations for tackling rampant abuse of commercial spyware in Europe.
The PEGA Committee released its recommendations in May 2023, but the European Commission has largely ignored them, a failing that Citizen Lab researcher John Scott-Railton — along with dozens of politicians and experts — have called inexcusable.
“I know what the next chapter of this story is — it's going to be more hacked members of parliament, and I would bet that there are members of the European Parliament today walking around with no idea that their phone in their pocket has been turned into a spy,” Scott-Railton said in an interview.
Kouloglou, also a longtime investigative reporter, told Recorded Future News he believes the Greek government is responsible for the hacks. The Citizen Lab said it has no indications that is true. Kouloglou represented Greece in parliament from 2015 to 2024.
Greece has long been embroiled in a spyware scandal, but the technology used in those hacks was manufactured by Intellexa and not the NSO Group, the company behind Pegasus.
A spokesperson for the NSO Group did not respond to a request for comment. Commercial spyware makers generally claim that they limit their products to missions like criminal investigations and antiterrorism operations.
Link to other incidents
The Citizen Lab believes the same Pegasus customer is responsible for both the 2022 Kouloglou incident and a series of spyware infections that the organization revealed in a May 2024 report. The latter incidents were attacks on devices belonging to seven Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023.
Additionally, the same email used against Kouloglou was deployed in the Belarusian and Russian attacks during the same time frame, the Citizen Lab said.
Emails used for targeting are unique to specific operators, the Citizen Lab said, meaning that the government behind the Kouloglou hack almost definitely is responsible for the Belarusian and Russian hacks, the report said.
Only some Pegasus customers have licensing allowing hacks in multiple countries, the report said, narrowing down the pool of potential culprits.
Kouloglou brought his phone to Citizen Lab to be checked in May 2026. Scott-Railton and other researchers said they found evidence that Kouloglou had received three Apple threat notifications about potential spyware in recent years, but he said he never saw them, according to the report.
‘Total disregard’
While phones belonging to members of the European Parliament have been infected with spyware in the past, the fact that this hack impacted a member of the committee investigating Pegasus underscores how spyware is a threat to democracy, according to Hannah Neumann, a representative of the Green Party from Germany who also was the negotiator on the PEGA Committee.
The country responsible “spied on a member of the European Parliament while that member was investigating spyware abuse,” Neumann said in an interview. “It shows a total disregard for Parliamentarians’ role to scrutinize and, as such, for European democracy.”
The initial spyware attack on Kouloglou’s phone came amid a frenetic period for the PEGA Committee. The spyware was launched less than a week prior to a series of hearings and as the committee prepared for the release of a draft report.
The second time Kouloglou’s phone was attacked also came amid intense discussions among committee members about the final report, according to the Citizen Lab.
Neumann has been frustrated by the Commission’s inaction on spyware and said she fears that even this episode won’t lead to an implementation of her committee’s proposed reforms.
The Commission has failed to act due to how national governments value spyware’s intelligence and law enforcement uses, according to Neumann.
“It's totally absurd that nothing's being done, but still there is this fake notion of spyware contributing to security, when in fact it undermines security,” Neumann said.
For his part, Kouloglou says he plans to sue NSO.
“In my phone, there were 15 years of photos, messages, you name it, messages with the prime ministers, with the members, the leaders of the different political parties and journalists. … Everything.”
Suzanne Smalley
is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.



