All posts

EU politician hacked with Pegasus while investigating Pegasus

Manaal KhanJuly 3, 2026 at 7:32 PM5 min read
EU politician hacked with Pegasus while investigating Pegasus

Key Takeaways

EU politician hacked with Pegasus while investigating Pegasus
Source: TechCrunch
  • Greek journalist and MEP Stelios Kouloglou was hacked with Pegasus spyware in 2022 and 2023 while serving on the EU committee investigating spyware abuses
  • The timing of the hacks coincided with critical committee discussions and draft report preparations
  • Kouloglou plans to sue NSO Group and is calling for strict EU-wide limits on government spyware use

A Greek MEP investigating government spyware abuses was himself hacked with Pegasus, the very surveillance tool his committee was probing. Security researchers at The Citizen Lab confirmed Friday that Stelios Kouloglou's phone was compromised at least three times between October 2022 and March 2023, while he served on the European Parliament's PEGA committee.

The irony is sharp, but the implications are sharper. This marks the first confirmed case of a PEGA committee member being publicly identified as a spyware victim. Someone with access to NSO Group's Pegasus tool decided that monitoring the people investigating spyware was worth the risk of exposure.

Advertisement

When were the attacks and what did they access?

Citizen Lab documented three separate intrusions. The first occurred in October 2022, during intense committee discussions about a draft report covering spyware abuses in Cyprus, Greece, Hungary, Poland, and Spain. Kouloglou was in the hospital for a pre-scheduled surgery at the time, meaning the spyware operators may have captured ambient audio of his healthcare conversations and visitor interactions.

The second and third attacks hit on March 6 and 7, 2023, as Kouloglou traveled from Athens to Brussels for committee hearings. This was months before the committee finalized its written report.

All three attacks exploited a zero-click vulnerability in Apple's iPhone software. The flaw existed in Apple's HomeKit smart home framework. Apple had released a patch, but Kouloglou hadn't installed it yet. The exploit required no action from him. No suspicious link, no fake login page. The spyware simply broke in and began extracting text messages, location data, photos, and other correspondence.

Who ordered the surveillance?

Citizen Lab did not attribute the attack to a specific government. But researchers noted that the same Pegasus-loaded email address used against Kouloglou had previously targeted journalists across Europe in an earlier campaign. The reuse suggests a single NSO customer with authorization to operate across multiple European countries.

That detail matters. NSO Group has long claimed it sells Pegasus only to vetted government clients for legitimate law enforcement purposes. If one customer can target journalists in multiple countries and then pivot to surveilling a European Parliament investigator, the vetting process isn't working as advertised.

NSO Group did not respond to TechCrunch's request for comment. Neither did the European Commission.

What does the target say?

Kouloglou called the compromise "reckless" in a phone interview with TechCrunch. He believes his committee work made him a target, though he said he doesn't know why he was specifically chosen.

You realize that all of your personal data was taken — not all the professional exchanges or messages with ministers — but also the very private things, like the happy moments and the sad moments.

— Stelios Kouloglou, Greek MEP and journalist

He plans to sue NSO Group. He also wants the European Commission to impose strict limits on spyware use across all 27 member states. One serving European lawmaker described the hacking as a "direct attack on the rule of law."

Advertisement

NSO Group's troubled position

NSO Group remains largely banned from U.S. government use following a Biden-era executive order that prohibited spyware tools posing human rights risks. The company has tried to rehabilitate its image. Last year, an unnamed American investment group reportedly funneled tens of millions of dollars into NSO, presumably betting the company can outlast its current pariah status.

The Citizen Lab has documented Pegasus operations in at least 45 countries. The 2021 Pegasus Project investigation identified over 50,000 phone numbers in a leaked database of potential targets. At least 14 EU member states have reportedly purchased the spyware, according to PEGA committee findings.

Licensing Pegasus reportedly costs governments around $8 million per year, with individual phone hacks priced at roughly €1 million each. These aren't tools for investigating petty crime. They're designed for high-value targets, which increasingly includes the people investigating the tools themselves.

The defense problem

Zero-click exploits are particularly difficult to defend against because they require no user mistake. John Scott-Railton, a senior researcher at Citizen Lab, has noted that "there is no way to protect yourself against Pegasus. It's not like other malware where if you're careful you're safe."

Apple has released Lockdown Mode, an optional iPhone setting that disables many features Pegasus exploits, but it comes with significant usability tradeoffs. Most users, including most politicians, don't enable it.

ℹ️

Logicity's Take

The timing of these hacks wasn't coincidental. Hitting a committee investigator during sensitive drafting periods and travel to hearings suggests the attacker wanted real-time intelligence on the investigation's direction. For CTOs and security leaders, the lesson is grimmer than usual: even if your organization isn't a spyware target, your employees who serve on industry boards, regulatory committees, or standards bodies might be. Mobile device management tools from vendors like Jamf, Microsoft Intune, or Kandji can enforce faster patch deployment, but zero-click exploits often outpace available fixes. The only reliable mitigation is assuming compromise and compartmentalizing sensitive communications accordingly.

Frequently Asked Questions

What is Pegasus spyware?

Pegasus is a military-grade surveillance tool developed by Israel-based NSO Group. It can remotely access smartphones, extracting messages, emails, photos, location data, and ambient audio without the user's knowledge or interaction.

What was the PEGA committee investigating?

The European Parliament's PEGA committee was established to investigate how EU member state governments used Pegasus and similar spyware to target journalists, politicians, and critics, particularly in Greece, Hungary, Poland, and Spain.

How can organizations protect against zero-click exploits?

There is no foolproof defense. Best practices include enabling Apple's Lockdown Mode on iPhones, installing security updates immediately, and using separate devices for sensitive communications. Assume compromise is possible and compartmentalize accordingly.

Is Pegasus legal to use?

NSO Group claims it sells only to government clients for lawful purposes. However, documented abuses have led to U.S. government bans and ongoing litigation. Legality varies by jurisdiction and intended use.

ℹ️

Need Help Implementing This?

If your organization needs to assess mobile security posture or develop incident response plans for executive devices, reach out to security consultants who specialize in mobile threat defense. The threat model for senior leaders differs significantly from standard enterprise security.

Source: TechCrunch / Zack Whittaker

Advertisement
M

Manaal Khan

Tech & Innovation Writer

Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.

Related Articles