
Summary
In the summer of 2022, Greek politician Stelios Kouloglou was investigating how intrusive spyware had been used to hack business leaders, law enforcement officials, and politicians. As part of the European Parliament’s PEGA Committee, set up to investigate the use of the notorious Pegasus spyware and other variants, Kouloglou travelled to interview spyware victims and probe high-profile cases. That fall, according to a new forensic analysis, Kouloglou’s iPhone was hacked with the very same Pegasus spyware at the center of the investigations. “I was not expecting that,” Kouloglou, a longtime investigative journalist who served as a member of the European Parliament (MEP) from 2015 to 2024, tells WIRED. He says that when he recently found out his device had been compromised by the powerful spyware, he was shocked and then angry. “Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus,” he says, “it was something really too reckless.” First discovered by Citizen Lab in 2016, Pegasus exploits an evolving set of mobile operating system vulnerabilities to infect both iOS and Android devices with malware that can tap microphones and cameras and grab a target’s messages, contact data, web browsing details, photos, or other personal information . The revelation that Kouloglou’s device was targeted—not once, but multiple times—by the Pegasus spyware, created by Israeli firm NSO Group, was published on Friday by the University of Toronto’s Citizen Lab. The report, which could send shock waves through political circles in Europe, says it is the first time that a member of the PEGA Committee has been identified as having been a victim of the Pegasus spyware while they were working within the group. The researchers say they do not have conclusive evidence of what government or entity was behind the attacks on Kouloglou’s device, but they note that whoever perpetrated the attacks would have potentially gotten access to internal information about the committee’s activities and findings, potentially violating EU parliamentary confidentiality requirements and people’s privacy. John Scott-Railton, a Citizen Lab senior researcher, emphasizes that while the targeting occurred a few years ago, the irony of the episode underscores how endemic—and brazen—spyware targeting has become in the EU and beyond. “It’s open spyware season on Europe’s lawmakers,” he says. “The European Parliament, national parliaments, nobody is prepared.” NSO, the developer of Pegasus, did not return WIRED’s requests for comment on the findings. NSO was founded in Israel and is still headquartered there, but United States–based investors acquired a majority stake in the company in 2025. The European investigation into the use of Pegasus and other spyware in 2022 was prompted in large part by the Pegasus Project, consisting of research and reporting from more than a dozen media outlets and nongovernment organizations on a huge leak from the NSO Group. The data showed the scale and broad scope of Pegasus use around the world, with at least 180 journalists among those reportedly targeted by the spyware. NSO Group disputed the findings. Around the same time, Greece was also rocked by a separate spyware scandal, known locally as “Greece’s Watergate,” where dozens of prominent journalists and government and military officials were targeted with the Predator spyware created by Intellexa. Researchers noted at the time that the Pegasus Project showed the need for public-private collaboration and concerted policy efforts to comprehensively address misuse of spyware. Technological protections alone cannot address the issue, many concluded. The Citizen Lab report about targeting within the PEGA Committee demonstrates this, too. “The use of spyware not only violates the fundamental rights of the individuals concerned, but in this case also threatens the security and integrity of parliamentary work and of the European Parliament as a whole,” MEP Saskia Bricmont, a member of the PEGA Committee, told WIRED in a statement. “It is a direct attack on the rule of law.” The research stops short of naming any government that may have used Pegasus against Kouloglou, noting in particular that it found no indication of Greek government involvement. But Citizen Lab does say it found overlaps between the attacks on Kouloglou’s phone and the use of Pegasus against seven Russian- and Belarusian-speaking journalists and activists between August 2020 and January 2023. “They did not only target an MEP, they spied on the investigation into spyware abuse itself. That shows the whole absurdity of the situation,” Hannah Neumann, a Green MEP who served on the spyware committee, tells WIRED. A spokesperson for the European Parliament did not directly comment on the findings when asked about them by WIRED, but says it has a “spyware screening system” that is available to all MEPs and has recently adopted measures to expand its protections. Kouloglou’s phone was first infected while he happened to be in the hospital on October 21, 2022, according to the findings from Citizen Lab. While recovering from elective surgery, he was visited by Greek investigative journalist Thanasis Koukakis, who had previously been hacked with Predator spyware. The following week, the PEGA Committee held several hearings on the impact of spyware and how it could interfere with human rights. Members of the committee, including Kouloglou, then visited Cyprus and Greece as part of its investigations. On March 6 and 7, 2023, according to the findings, Kouloglou’s phone was infected with Pegasus spyware again. Neumann, who was also part of the investigation, says that around the time of the first compromise of Kouloglou’s phone, the committee was heading into “key hearings,” including questioning companies operating within the spyware industry. At the time of the 2023 incident, Neumann says, the group was finalizing and conducting negotiations on its findings. “Looking at the dates, it’s pretty obvious that somebody was not just randomly spying on him, but really targeted the committee’s work,” Neumann says. “I got angry because you realize that your private life, including messages not only with politicians, friends, but your personal life with relatives, kids, wives, et cetera has been monitored by somebody,” Kouloglou says. “It’s not a matter only about privacy, it’s also a matter about justice, democracy and the corruption fight.” Citizen Lab found, as part of its forensic analysis, that Kouloglou’s phone received three notifications from Apple, in March and August 2023 and April 2024, alerting him that he was likely being targeted with spyware. These notifications are not issued in real time and Kouloglou says he does not have a recollection of seeing them. Kouloglou and other MEPs tell WIRED they are concerned that other members of the committee could also have been targeted and that the group’s recommendations—including creation of an EU-based tech lab focused on forensic device analysis and a spyware taskforce for elections—have not been adopted years after the committee completed its report. “Europe has a mountain of spyware abuses, and nothing has happened—it’s an embarrassment for European institutions,” says Citizen Lab’s Scott-Railton. “It leaves Europeans unprotected even as AI promises to turbocharge the mercenary spyware threat by lowering costs and barriers to entry.” He notes, too, that some countries, including the United States, have made progress combating spyware use through sanctions, visa bans, executive orders, and other deterrents. “There is no lack of awareness of the problems that come with mercenary spyware,” says Neumann. “That’s what the Pegasus Committee wrote the whole report about. There is no lack of recommendations on how to fix it. It’s just a matter of, can you please now do it?”