EU Politicians Investigated Pegasus Spyware. Then It Ended Up on One of Their Phones
In the summer of 2022, Greek politician Stelios Kouloglou was investigating how intrusive spyware had been used to hack business leaders, law enforcement officials, and
In the summer of 2022, Greek politician Stelios Kouloglou was investigating how intrusive spyware had been used to hack business leaders, law enforcement officials, and politicians. As part of the European Parliament’s PEGA Committee, set up to investigate the use of the notorious Pegasus spyware and other variants, Kouloglou travelled to interview spyware victims and probe high-profile cases. That fall, according to a new forensic analysis, Kouloglou’s iPhone was hacked with the very same Pegasus spyware at the center of the investigations. “I was not expecting that,” Kouloglou, a longtime investigative journalist who served as a member of the European Parliament (MEP) from 2015 to 2024, tells WIRED. He says that when he recently found out his device had been compromised by the powerful spyware, he was shocked and then angry. “Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus,” he says, “it was something really too reckless.” First discovered by Citizen Lab in 2016, Pegasus exploits an evolving set of mobile operating system vulnerabilities to infect both iOS and Android devices with malware that can tap microphones and cameras and grab a target’s messages, contact data, web browsing details, photos, or other personal information.
The revelation that Kouloglou’s device was targeted—not once, but multiple times—by the Pegasus spyware, created by Israeli firm NSO Group, was published on Friday by the University of Toronto’s Citizen Lab. The report, which could send shock waves through political circles in Europe, says it is the first time that a member of the PEGA Committee has been identified as having been a victim of the Pegasus spyware while they were working within the group. The researchers say they do not have conclusive evidence of what government or entity was behind the attacks on Kouloglou’s device, but they note that whoever perpetrated the attacks would have potentially gotten access to internal information about the committee’s activities and findings, potentially violating EU parliamentary confidentiality requirements and people’s privacy. John Scott-Railton, a Citizen Lab senior researcher, emphasizes that while the targeting occurred a few years ago, the irony of the episode underscores how endemic—and brazen—spyware targeting has become in the EU and beyond.
“It’s open spyware season on Europe’s lawmakers,” he says. “The European Parliament, national parliaments, nobody is prepared.” NSO, the developer of Pegasus, did not return WIRED’s requests for comment on the findings. NSO was founded in Israel and is still headquartered there, but United States–based investors acquired a majority stake in the company in 2025. The European investigation into the use of Pegasus and other spyware in 2022 was prompted in large part by the Pegasus Project, consisting of research and reporting from more than a dozen media outlets and nongovernment organizations on a huge leak from the NSO Group. The data showed the scale and broad scope of Pegasus use around the world, with at least 180 journalists among those reportedly targeted by the spyware. NSO Group disputed the findings. Around the same time, Greece was also rocked by a separate spyware scandal, known locally as “Greece’s Watergate,” where dozens of prominent journalists and government and military officials were targeted with the Predator spyware created by Intellexa.
