Former Member of the European Parliament Stelios Kouloglou was repeatedly targeted with the Pegasus spyware while serving on a parliamentary committee investigating abuses involving the tool.
As Politico reports, the findings are detailed in a new digital forensic investigation.
Researchers at Citizen Lab at the University of Toronto found that Kouloglou’s phone was infected with Pegasus on at least two occasions: 21 October 2022 and 6–7 March 2023. Both incidents occurred during key stages of the work of the European Parliament’s PEGA special committee, which was investigating the use of spyware.
This is the first publicly documented case of a sitting member of the committee being targeted with Pegasus — the spyware developed by NSO Group and used to surveil politicians around the world, including senior European Union officials.
Kouloglou told POLITICO that both incidents occurred during periods of intensive preparation for the committee’s work. During the first infection in October 2022, lawmakers were preparing fact-finding missions to Greece, Cyprus and Spain as part of the investigation into those governments’ alleged use of spyware.
According to the report, Pegasus most likely gave the attackers access to Kouloglou’s personal emails, text messages and other communications related to the committee’s work, potentially resulting in the disclosure of confidential parliamentary information.
The second infection occurred in March 2023, as lawmakers were finalising the committee’s report. Kouloglou, who worked as an investigative journalist before being elected to the European Parliament, had arrived in Brussels to discuss the document’s final wording.
“I have no doubt at all that this hack was directly linked to my status as a member of the PEGA committee,” Kouloglou said.
The researchers do not attribute responsibility for the attack to any specific government. At the same time, the report notes similarities with a previously documented Pegasus campaign targeting Russian- and Belarusian-speaking journalists and activists living in exile across Europe.
According to the authors, this suggests that the operation was likely carried out by one of NSO Group’s clients authorised to use Pegasus in several European countries.
- In 2022, the Pegasus and Candiru spyware programmes were found on the phones of members of the Catalan independence movement, including EU politicians.
- That same year, another spyware tool, Predator, was discovered on the devices of Greek opposition leader Nikos Androulakis, as well as other political and public figures in the country.
- Spyware was also used in an attempt to compromise the devices of Roberta Metsola, and traces of spyware were found on the phones of some politicians and staff members of the European Parliament’s Subcommittee on Security and Defence.
- In 2022, members of the European Parliament established a special investigative committee to examine a series of spyware scandals in Spain, Greece, Hungary and Poland. The committee concluded that at least four EU governments had misused hacking tools for political purposes.