HackMyIP
2026-07-03 The Record

Pegasus Spyware Found on EU Parliament Member Probing Its Misuse

Privacy, Malware, APT

A phone belonging to former Greek Member of the European Parliament Stelios Kouloglou was infected with Pegasus spyware on at least two occasions during his tenure on the PEGA Committee, the European Parliament's inquiry into commercial spyware abuse. According to digital forensic researchers at Citizen Lab, the zero-click exploit chain struck Kouloglou's device in October 2022 and again in March 2023, while he was actively helping draft the committee's recommendations on how to curb the proliferation of mercenary surveillance tools across Europe. Kouloglou, a longtime investigative journalist who represented Greece from 2015 to 2024, brought his phone to Citizen Lab in May 2026 for examination.

Citizen Lab's findings intensify scrutiny of the European Commission, which has largely disregarded the PEGA Committee's May 2023 recommendations despite continued revelations of EU-based spyware activity. "I know what the next chapter of this story is — it's going to be more hacked members of parliament, and I would bet that there are members of the European Parliament today walking around with no idea that their phone in their pocket has been turned into a spy," said Citizen Lab researcher John Scott-Railton. Kouloglou has publicly blamed the Greek government, though Citizen Lab said it has no technical indicators confirming that attribution. Greece's separate "Predatorgate" scandal involved Intellexa's Predator spyware rather than NSO Group's Pegasus, and a spokesperson for NSO Group did not respond to requests for comment regarding the new findings.

Citizen Lab linked the Kouloglou incidents to a cluster of attacks detailed in its May 2024 report on Pegasus targeting of seven Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023. Analysts determined that the same Pegasus operator was responsible because the email-based lures deployed against Kouloglou matched infrastructure used in the earlier Eastern European campaign. Because targeting emails are unique to specific Pegasus customers, and only a subset of licensed operators hold multi-country deployment rights, the operator pool narrows considerably. Anyone concerned about exposure to similar surveillance tradecraft can run a privacy checkup to surface common device-side risks, while those worried about spoofed senders in spear-phishing lures can verify their own contact data with an email breach checker.

Despite NSO Group's public claims that Pegasus is sold only for counterterrorism and serious criminal investigations, repeated abuses against journalists, dissidents, and elected officials have undermined that line. The EU has yet to enact binding restrictions on commercial surveillance vendors, leaving parliamentarians and civil society targets with limited recourse beyond third-party forensic audits. Security researchers stress that hardened device hygiene — including regular audits of app permissions, avoiding suspicious attachments, and isolating sensitive communications — remains the primary defense against zero-click exploits deployed by sophisticated APT operators.

Source: The Record
