BRUSSELS — Former member of the European Parliament Stelios Kouloglou was “repeatedly hacked “with Pegasus spyware while serving on the Parliament’s committee investigating spyware abuses, according to a new forensic investigation.
The revelation raises fresh questions about whether the work of the inquiry itself was compromised.
Researchers from Toronto University’s Citizen Lab found that Kouloglou’s phone was infected at least twice — on Oct. 21, 2022 and March 6–7, 2023 — during two critical phases of the investigation carried out by the Parliament’s PEGA Committee.
The findings mark the first publicly documented case of an active member of the committee being targeted with Pegasus, the notorious spyware operated by Israeli cyber-intelligence leader NSO Group that has been used to target political figures worldwide, including the EU’s top leaders.
Kouloglou told POLITICO that both hacks occurred during periods of “enormous preparation” for committee activities. During the October 2022 incident cited by Citizen Lab, lawmakers were preparing research missions to Greece, Cyprus and Spain as part of investigations into government use there.
According to the report, the spyware would likely have given the attacker access to Kouloglou’s private emails, text messages and other communications relating to the committee’s deliberations, potentially exposing confidential parliamentary work.
The second infection in March 2023 occurred as lawmakers finalized the committee’s report. Kouloglou, an investigative journalist turned MEP, had traveled to Brussels for discussions on the final text.
“Without a doubt the hacking had to do absolutely with my status as member of the PEGA Committee,” said Kouloglou.
The researchers are not attributing the hacking to any specific government. Instead, the report identifies overlaps with a previously documented Pegasus campaign targeting exiled Russian- and Belarusian-speaking journalists and activists in Europe. This suggests the operation was likely carried out by an NSO Group customer authorized to deploy Pegasus across multiple European countries, according to the report.
“Whichever entity is responsible for the hacking, the infection could have exposed strictly confidential exchanges among PEGA Committee members and their staff, and other sensitive and confidential parliamentary proceedings, including to parties under investigation by the Committee itself,” wrote the report’s authors.
Sophie in ‘t Veld, a former MEP and lead lawmaker on the PEGA Committee, told POLITICO that the real question is why, after hundreds of politicians were targeted — including European Parliament President Roberta Metsola — the European Commission has done nothing to stem the abuse or punish the perpetrators.
“While we’re all obsessing with the state of democracy and the rule of law in the United States, there’s complete impunity on this,” said in ‘t Veld. “If attempts to target the phone of the president of the European Parliament or members of the European Commission, does not trigger sufficient reaction [and] is not enough to break the deadlock, then what is?”
