A recent Citizen Lab forensic report shows that Stelios Kouloglou, a former European Parliament lawmaker, had his mobile repeatedly infected with Pegasus spyware. These cyberattacks happened while he was on a committee examining the misuse of surveillance tools in the EU.
Researchers found that attackers repeatedly compromised his device, possibly gaining access to sensitive documents and internal discussions.
Kouloglou was a member of the European Parliament’s PEGA Committee from March 2022 to July 2023. The committee was created to investigate how member states and foreign groups misuse commercial spyware to infringe on regional rights and freedoms.
Notably, this is the first instance where a sitting PEGA Committee member has been publicly identified as a victim of the spyware they studied. Citizen Lab’s analysis indicates Kouloglou’s iPhone was first compromised around October 21, 2022, and again on March 6 and 7, 2023.
Both attacks employed a zero-click exploit in Apple’s smart home software, known to cybersecurity experts as PWNYOURHOME. Since the device was running an outdated operating system, the spyware installed itself silently without any user clicking on malicious links.
The timing of the digital breaches is highly significant. The first infection occurred while Kouloglou was hospitalized and receiving a visit from Greek investigative journalist Thanasis Koukakis, whose phone had previously been compromised by similar commercial spyware.
The subsequent March 2023 infection coincided directly with intense parliamentary discussions regarding the final drafting of the PEGA Committee report.
Cybersecurity experts have not officially linked the cyberattacks to any specific government, as there is no definitive evidence connecting the activity to Greek authorities. However, researchers have identified a notable technical similarity between the initial infection and a prior surveillance campaign that targeted Russian and Belarusian exiled journalists in Europe.
Both campaigns utilized the same operator email address to deploy the spyware. This connection strongly suggests that Pegasus’s responsible customer holds a broad commercial license that permits surveillance operations across multiple European jurisdictions.
This high-profile hacking case raises significant concerns about how governments are increasingly using powerful commercial spyware. Tools that are aggressively marketed for combating terrorism and serious crimes are now being misused to monitor the private communications of international lawmakers, journalists, and political critics.