Breaking
OpenAI announces GPT-5 with breakthrough reasoning capabilities | OpenAI announces GPT-5 with breakthrough reasoning capabilities |

Home / The Investigator Becomes the Target: European Politician Hacked by Pegasus Spyware

Technology

The Investigator Becomes the Target: European Politician Hacked by Pegasus Spyware

Saran K | July 3, 2026 | 4 min read

Pegasus spyware

Table of Contents

    A Breach of Trust in the Heart of the EU

    In a development that underscores the precarious nature of digital privacy for those challenging state surveillance, security researchers have confirmed that Stelios Kouloglou, a Greek journalist and former member of the European Parliament, was targeted by the notorious Pegasus spyware. The breach is particularly significant because Kouloglou served on the PEGA committee—the very body tasked with investigating the abuse of spyware by European governments.

    The findings, released by the University of Toronto’s Citizen Lab, mark the first time a member of this specific investigatory committee has been publicly identified as a victim of the tool they were studying. The timing of the attacks—occurring throughout 2022 and 2023—suggests a coordinated effort to monitor the committee’s internal deliberations before the publication of its final report on surveillance abuses in member states like Greece, Hungary, Poland, and Spain.

    The Mechanics of a ‘Zero-Click’ Invasion

    According to Citizen Lab, Kouloglou’s iPhone was compromised in October 2022 and again in March 2023. The attackers utilized a “zero-click” exploit, one of the most dangerous forms of cyberattack because it requires no interaction from the user. There was no malicious link to click and no attachment to open; the spyware simply broke into the device silently.

    The exploit leveraged a security vulnerability in Apple’s smart home software. While Apple had released a patch for this specific flaw, it had not yet been installed on Kouloglou’s device at the time of the attack. Once inside, Pegasus granted the operators total access to the phone’s ecosystem. This included the ability to read encrypted text messages, extract photos, track real-time GPS location, and activate the microphone to record ambient audio.

    The human cost of this technical breach was felt most acutely during a period of vulnerability. The October 2022 hack coincided with a time when Kouloglou was hospitalized for a pre-scheduled surgery. Researchers suggest this timing may have allowed operators to eavesdrop on private healthcare discussions and conversations with visitors, turning a medical recovery period into a surveillance window.

    The Question of Attribution and Accountability

    While Citizen Lab did not name a specific government as the perpetrator, they noted a critical forensic link: the attacker used the same Pegasus-loaded email address previously associated with a campaign that targeted journalists across Europe. This suggests that the client had broad authorization from NSO Group to operate across multiple national borders.

    Kouloglou described the intrusion as “reckless,” noting that the hack went beyond professional espionage to scrape the most intimate parts of his life. “You realize that all of your personal data [was taken]… the happy moments and the sad moments,” he said in a statement. In response to these findings, Kouloglou has indicated his intention to sue the Israeli-headquartered NSO Group.

    The incident has reignited a fierce debate within the European Commission regarding the regulation of “dual-use” surveillance technology. One serving lawmaker characterized the attack as a “direct attack on the rule of law,” arguing that if the investigators themselves are not safe from the tools they are auditing, the democratic process is fundamentally compromised.

    A Beleaguered Industry Under Scrutiny

    NSO Group has long been at the center of human rights controversies, leading to a U.S. government blacklist under the Biden administration. Despite this, the company continues to seek financial stability, recently receiving tens of millions of dollars from an unnamed American investment group in an apparent attempt to pivot its brand away from the stigma of state-sponsored repression.

    As the European Parliament grapples with the fallout of the PEGA committee’s findings, the Kouloglou case serves as a visceral reminder that in the era of zero-click exploits, the line between national security and political espionage has become dangerously blurred.

    Related News

    #cybersecurity #privacy #europeanUnion #spyware #digitalRights

    Related Posts

    Leave a Reply

    Your email address will not be published. Required fields are marked *