Spyware Infiltrates Phone of European Parliament Member Investigating Its Misuse
A significant cybersecurity breach has emerged involving Stelios Kouloglou, a former member of the European Parliament (MEP) and a key figure in the parliamentary committee investigating the misuse of spyware technology. His phone was reportedly infected multiple times with Pegasus spyware during his tenure on the PEGA Committee, which focuses on addressing the rampant abuse of commercial spyware in Europe.
According to a report from digital forensic researchers at Citizen Lab, Kouloglou’s phone was compromised by Pegasus, a sophisticated zero-click spyware, in October 2022 and again in March 2023. At the time of these incidents, the PEGA Committee was engaged in sensitive discussions and preparations for recommendations aimed at curbing the misuse of such technologies.
Despite the PEGA Committee releasing its recommendations in May 2023, the European Commission has largely overlooked these findings. This inaction has drawn criticism from various politicians and cybersecurity experts, including John Scott-Railton of Citizen Lab, who described the situation as inexcusable. He expressed concern that more members of the European Parliament may be unaware that their devices could be compromised, stating, “I know what the next chapter of this story is — it’s going to be more hacked members of parliament.”
Kouloglou, who served in the European Parliament from 2015 to 2024 and is also a seasoned investigative journalist, has suggested that the Greek government may be behind the hacks. However, Citizen Lab has found no evidence to support this claim. Greece has been embroiled in a broader spyware scandal, although the technology implicated in those cases was produced by Intellexa, not the NSO Group, the company responsible for Pegasus.
A spokesperson for the NSO Group did not respond to inquiries regarding the incident. Generally, commercial spyware manufacturers assert that their products are intended for legitimate purposes, such as criminal investigations and counter-terrorism operations.
Connection to Broader Spyware Incidents
Citizen Lab posits that the same customer of Pegasus responsible for the Kouloglou incidents is linked to a series of other spyware attacks targeting Russian and Belarusian-speaking journalists and opposition figures between August 2020 and January 2023. The same email address used to target Kouloglou was also employed in these attacks, suggesting a coordinated effort.
The specificity of the emails used for targeting indicates that the government behind the Kouloglou hack is likely responsible for the attacks on journalists as well. The report notes that only a select group of Pegasus customers possess the licensing to conduct hacks across multiple countries, thereby narrowing the list of potential perpetrators.
In May 2026, Kouloglou submitted his phone to Citizen Lab for analysis. Researchers discovered that he had received three Apple threat notifications regarding potential spyware, which he claimed he had not seen.
Implications for Democracy
The infiltration of Kouloglou’s phone highlights a troubling trend in the use of spyware against public officials, particularly those tasked with oversight. Hannah Neumann, a German Green Party representative and negotiator for the PEGA Committee, emphasized that the breach demonstrates a blatant disregard for the role of parliamentarians in scrutinizing such technologies. She stated, “The country responsible spied on a member of the European Parliament while that member was investigating spyware abuse. It shows a total disregard for Parliamentarians’ role to scrutinize and, as such, for European democracy.”
The initial attack on Kouloglou’s phone coincided with a critical period for the PEGA Committee, occurring just days before a series of hearings and the preparation of a draft report. The second attack also aligned with intense discussions among committee members regarding the final report.
Neumann has expressed frustration over the European Commission’s lack of action concerning spyware regulations. She fears that even this incident may not catalyze the implementation of the committee’s proposed reforms. According to her, the Commission’s inaction stems from national governments prioritizing the intelligence and law enforcement benefits of spyware over the risks it poses to democratic institutions.
“It’s totally absurd that nothing’s being done, but still there is this fake notion of spyware contributing to security, when in fact it undermines security,” Neumann remarked.
Kouloglou has indicated plans to take legal action against NSO, highlighting the personal impact of the breach. He noted, “In my phone, there were 15 years of photos, messages, you name it, messages with the prime ministers, with the members, the leaders of the different political parties and journalists. … Everything.”
The implications of this incident extend beyond individual privacy violations; they raise critical questions about the integrity of democratic processes and the accountability of governments in the digital age. As the landscape of cybersecurity continues to evolve, the need for robust regulations and oversight mechanisms becomes increasingly urgent.
Source: therecord.media
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.


