Pegasus Spyware Hacked the EU Lawmaker Investigating Pegasus Spyware

03.07.2026 6
Pegasus Spyware Hacked the EU Lawmaker Investigating Pegasus Spyware

Pegasus spyware was used to hack the phone of Stelios Kouloglou, a former Greek member of the European Parliament who served on the PEGA committee set up specifically to investigate abuses of Pegasus and similar surveillance tools, Citizen Lab confirmed on July 2, 2026.

Forensic analysis of Kouloglou's iPhone found infections in October 2022 and again in March 2023, while he was actively sitting on the committee tasked with exposing exactly this kind of spyware abuse across the EU.

Who Is Stelios Kouloglou and What Is PEGA?

Kouloglou, a Greek investigative journalist turned politician, served as a substitute member of the European Parliament's PEGA committee from March 2022 to July 2023. PEGA was created to investigate how EU governments abused Pegasus and equivalent spyware, producing draft reports on alleged abuses in Cyprus, Greece, Hungary, Poland, and Spain. Kouloglou requested the forensic exam himself after growing suspicious, and Citizen Lab published its findings as Report 194.

How the Hack Happened

The first infection, on October 21, 2022, used PWNYOURHOME, a zero-click exploit chain targeting a vulnerability in Apple's smart home software - no click, download, or interaction from Kouloglou was required. A second infection followed in early March 2023. Citizen Lab says the intrusions could have exposed confidential committee documents and internal deliberations, alongside Kouloglou's personal messages and photos.

  • Target: Stelios Kouloglou, former MEP and PEGA committee member.
  • Spyware: NSO Group's Pegasus, delivered via the PWNYOURHOME zero-click exploit.
  • Infections: October 21, 2022, and March 6-7, 2023.
  • Discovery: Citizen Lab forensic analysis, requested by Kouloglou, published July 2026.

A Trail Back to Russian and Belarusian Journalists

Citizen Lab has not attributed the hacking to a specific government and says there is no evidence the Greek government was involved. But it found a technical overlap: the same HomeKit-linked email address used in Kouloglou's first infection also appeared in a previously documented Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists elsewhere in Europe. That points to a single Pegasus customer holding licenses to operate across multiple European jurisdictions, rather than an isolated Greek operation.

EU Reaction and Renewed Calls for Limits

Kouloglou called the intrusion "reckless," telling reporters it exposed not just professional exchanges with ministers but private moments with family. A sitting European lawmaker described the hack as "a direct attack on the rule of law" and pressed the European Commission to impose strict limits on spyware use across member states. The Commission did not respond to press requests for comment.

Important: Pegasus infections like this one are zero-click - they require no action from the victim and often leave no visible trace, which is why independent forensic analysis (as Citizen Lab performed here) is currently the only reliable way to detect them.

Cases like this are a reminder that even lawmakers investigating surveillance abuse are not exempt from it - and that everyday tools like VPNs, while they cannot stop a zero-click spyware exploit, remain one of the few layers ordinary journalists and activists have to make network-level tracking harder for the same operators.

Conclusion: A member of the very committee built to investigate Pegasus abuse was hacked with Pegasus while doing that job - and the technical fingerprints tie the operation to a wider campaign against Russian and Belarusian journalists in exile. Two years after PEGA wrapped up its work, Europe still has no enforced limits on who gets to buy and use this kind of spyware.
Tags: vpn privacy surveillance cybersecurity security digital rights eu spyware

Read also