EU Lawmaker Probing Pegasus Spyware Was Herself Hacked With Pegasus
A former Member of the European Parliament who served on a committee investigating commercial spyware abuse was herself repeatedly targeted with NSO Group's Pegasus spyware, according to a new report from Citizen Lab. Stelios Kouloglou, who sat on the PEGA Committee from March 24, 2022, to July 18, 2023, had his iPhone compromised on at least three occasions while actively investigating the very surveillance tools used against him. The researchers, including John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Kate Pundyk, Siena Anstis, and Ron Deibert, confirmed that the attackers could have had access to confidential documents and committee deliberations, raising serious concerns about the integrity of the European Parliament's own inquiry.
Forensic analysis of Kouloglou's iPhone, conducted in May 2026, revealed infections on October 21, 2022, and again on March 6 and 7, 2023, while the device was running iOS 15.5. The initial infection was traced to a zero-click exploit codenamed PWNYOURHOME, which weaponized a vulnerability in Apple's HomeKit smart home software. Two minutes after a suspicious HomeKit email lookup for "rauharepo888@gmail.com," a Pegasus process was observed consuming mobile data. Apple addressed the underlying flaw in iOS 16.3.1, but the same exploit chain was reused in the March 2023 campaign. Kouloglou also received Apple threat notifications on March 2, 2023, August 29, 2023, and April 10, 2024, warning that his device had been targeted with mercenary spyware.
Citizen Lab has not attributed the attacks to a specific government client, and no evidence implicates the Greek authorities. However, the researchers identified an overlap between the first infection infrastructure and a prior campaign targeting Russian and Belarusian-speaking exiled journalists and activists across Europe, suggesting a Pegasus operator authorized to operate in multiple EU member states. The timing is also notable: during the October 2022 compromise, Kouloglou was hospitalized for elective surgery and was visited by Greek journalist Thanasis Koukakis, whose phone was separately compromised with Intellexa's Predator spyware and who had testified before the PEGA Committee just one month earlier. Anyone concerned about exposure to similar threats can run a privacy checkup to review their device and network posture, verify their connection integrity with a VPN/proxy detector, and assess how their browser may be exposing them with a browser fingerprint test.