A prominent European politician who helped investigate abuses of commercial spyware has himself been hacked with Pegasus, in a case that underscores the growing threat such tools pose to democratic institutions.
Security researchers at the Citizen Lab, the digital rights research group based at the University of Toronto, confirmed that the phone of Greek journalist and former member of the European Parliament Stelios Kouloglou was compromised multiple times while he served on the Parliament’s PEGA committee. The committee was created to probe how European governments deployed spyware, including Pegasus, against journalists, activists, and political opponents.
Citizen Lab’s forensic analysis found that Kouloglou’s iPhone was infected in October 2022 and at least twice in March 2023. The attackers used a so‑called zero‑click exploit, a highly sophisticated technique that allows spyware to infiltrate a device without the victim clicking a link or opening a malicious file. The exploit took advantage of a vulnerability in Apple’s smart home software that Apple had already patched, but the fix had not yet been installed on Kouloglou’s device.
The timing of the intrusions closely tracked sensitive moments in the committee’s work. The first hack coincided with intense internal discussions over a draft report on spyware abuses in Cyprus, Greece, Hungary, Poland, and Spain. Another infection occurred as Kouloglou traveled from Athens to Brussels for committee hearings, months before the final report was adopted.
Citizen Lab did not conclusively attribute the operation to a specific government, but said the Pegasus operator reused an email address previously linked to campaigns against journalists in Europe. That reuse suggests a government client with ongoing authorization from NSO Group, the Israeli company behind Pegasus, to conduct cross‑border surveillance.
Kouloglou described the hacking as reckless and a direct assault on democratic oversight. He said he believes he was targeted because of his role scrutinizing Pegasus and other spyware, and that he plans to sue NSO Group. One sitting lawmaker, briefed on the case, called it an attack on the rule of law and urged the European Commission to impose strict limits on spyware use across the bloc.
The intrusion would have given operators access to Kouloglou’s messages, contacts, photos, location data, and potentially ambient audio, including while he was hospitalized for surgery. He said he chose to go public “for democracy, human rights, and the fight against corruption,” warning that the same tools justified for combating serious crime are now being turned against those who expose abuses of power.