News

Former EU Parliament Member Targeted with Pegasus Spyware

A report reveals former EU Parliament member Stelios Kouloglou's phone was hacked with Pegasus spyware while investigating its misuse.

A new report from Citizen Lab shows that Stelios Kouloglou, a former member of the European Parliament, was targeted with Pegasus spyware while serving on a committee investigating its abuse. The hacking occurred multiple times, raising concerns about surveillance of lawmakers and activists.

Former EU Parliament Member Targeted with Pegasus Spyware

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee investigating the abuse of such commercial surveillance tools in the bloc.

Key Findings

According to the report, Kouloglou's phone was compromised on three separate occasions:

  • October 21, 2022: A zero-click exploit in Apple's smart home software, codenamed PWNYOURHOME, was used to deliver the spyware.
  • March 6 and 7, 2023: The same exploit was weaponized again.

The Citizen Lab researchers, including John Scott-Railton, Bill Marczak, and others, conducted a forensic analysis of Kouloglou's iPhone in May 2026. They found that the attacks could have granted access to confidential documents and committee deliberations.

Context and Timeline

Kouloglou was a member of the European Parliament's Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware from March 24, 2022, to July 18, 2023. The PEGA Committee was established to probe alleged misuses of commercial spyware under EU law, focusing on how member states and other countries might be using such tools in contravention of the region's rights and freedoms.

The first hacking incident occurred while Kouloglou was in the hospital for surgery, during which he was visited by Greek journalist Thanasis Koukakis, whose phone had also been compromised with Intellexa's Predator spyware. The second infection in March 2023 coincided with critical discussions and hearings related to the PEGA Committee's final report.

The Citizen Lab identified an overlap between the first infection and a previous campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe. This suggests that a Pegasus customer authorized to spy in multiple European countries is likely responsible. The connection was made through the use of the same email address, rauharepo888[@]gmail.com, which is believed to be unique to specific operators.

Broader Implications

The findings raise concerns about the misuse of spyware marketed for combating serious crimes, such as terrorism and child sexual abuse, to spy on journalists, lawmakers, dissidents, and critics. This incident marks the first time a member of the PEGA Committee has been publicly identified as a victim of Pegasus spyware while serving on the committee.

The report also highlights broader issues in the surveillance landscape, including the use of tools like Cellebrite's UFED forensic software by Russian authorities and the exploitation of weaknesses in global telecoms infrastructure for covert location tracking.

Conclusion

The Citizen Lab's findings underscore the urgent need for stronger safeguards against the misuse of surveillance technology. As governments and private entities continue to deploy such tools, the risks to privacy, democracy, and human rights remain significant.