Security researchers have confirmed that Pegasus spyware was used to hack the iPhone of former European Parliament member Stelios Kouloglou while he was serving on a committee investigating spyware abuses across Europe. The discovery has renewed concerns over the use of commercial surveillance tools against journalists, lawmakers, and public officials. According to researchers, the attacks took place during 2022 and 2023 and coincided with important stages of the European Parliament’s investigation into alleged spyware misuse. The findings have sparked fresh debate over government surveillance practices and the need for stronger oversight of commercial spyware technologies.
Researchers identify first publicly known PEGA committee victim
Researchers from the University of Toronto’s digital rights research unit, Citizen Lab, said Stelios Kouloglou became the first publicly identified member of the European Parliament’s PEGA committee to have been targeted with Pegasus spyware.
The PEGA committee was established to investigate allegations that European governments had misused spyware technologies against journalists, politicians, activists, and other individuals. According to the researchers, the confirmed compromise of Kouloglou’s iPhone marks a significant development because the target himself was directly involved in examining spyware-related abuses.
Kouloglou described the hacking as a reckless act and expressed concern over the implications for democratic institutions and public accountability.
Spyware attacks aligned with key stages of the investigation
Citizen Lab’s report states that the first confirmed compromise occurred in October 2022. Additional attacks reportedly took place on March 6 and March 7, 2023.
Researchers noted that the timing overlapped with important periods of work carried out by the PEGA committee. During late 2022, committee members were discussing communications and preparing an early draft examining alleged spyware abuses in several European countries.
The later attacks reportedly occurred while Kouloglou was traveling from Athens to Brussels during committee hearings and ahead of the completion of the committee’s final report.
While the report does not conclude why Kouloglou was specifically targeted, he believes his role on the investigative committee was the reason.
Zero-click exploit allowed silent access
According to Citizen Lab, Pegasus entered the iPhone through a zero-click exploit, meaning no action was required from the victim.
Researchers said the attack exploited a security vulnerability in Apple’s iPhone software that had already been patched, although the update had not yet been installed on Kouloglou’s device.
The vulnerability reportedly involved Apple’s smart home software framework. Once exploited, Pegasus could allegedly collect private information from the phone, including text messages, communications, location information, and photographs, without the user’s knowledge.
Zero-click attacks remain among the most concerning forms of cyber intrusion because they can compromise devices without requiring victims to click links or download files.
Researchers do not identify the government customer
Citizen Lab did not attribute the operation to any specific country.
However, researchers said the same Pegasus-related email address previously used in attacks against journalists across Europe was also involved in this case. According to the report, the reuse of that infrastructure suggests the same Pegasus customer carried out multiple operations across different European countries.
The identity of the customer remains unknown.
European concerns over spyware continue
The confirmed attack has intensified concerns surrounding the use of commercial spyware within Europe.
One serving European lawmaker described the incident as a direct attack on the rule of law and urged the European Commission to introduce stronger restrictions governing spyware across the European Union.
The case also raises broader questions about how surveillance tools intended for serious criminal investigations can allegedly be used against journalists, lawmakers, and critics.
A spokesperson for the European Commission did not respond to media requests for comment before publication.
Kouloglou plans legal action
Speaking about the incident, Kouloglou said learning that his phone had been compromised was deeply upsetting because the spyware potentially exposed both professional communications and highly personal information.
He explained that the intrusion affected not only official conversations but also private memories, photographs, and personal exchanges stored on his device.
Kouloglou said he intends to file legal action against NSO Group, the company behind Pegasus spyware.
NSO Group also did not respond to media requests for comment before publication.
Pegasus remains under international scrutiny
Pegasus spyware has remained at the center of international debate for several years because of allegations that it has been used to monitor journalists, activists, political figures, and members of civil society.
The spyware developer continues to face significant scrutiny, and its technology has become the focus of ongoing legal and regulatory discussions regarding privacy, surveillance, and human rights.
Kouloglou said he decided to publicly discuss the incident because he believes it is important for democracy, human rights, and efforts to combat corruption.
Read More: Pegasus Spyware Hit European Parliament Investigator
FAQs:
What is Pegasus spyware?
Pegasus spyware is surveillance software designed to gain access to smartphones and collect information such as messages, photos, location data, and other communications.
Who confirmed the hacking?
Researchers from Citizen Lab at the University of Toronto confirmed the compromise after conducting their investigation.
How was the iPhone hacked?
According to researchers, the attack used a zero-click exploit that required no interaction from the device owner.
Was any government identified?
No. Researchers did not attribute the operation to any specific country or government customer.
What action is Kouloglou taking?
He has said that he plans to sue NSO Group following the reported compromise of his device.



