NSO Group’s Pegasus spyware was used to repeatedly target Stelios Kouloglou, a former member of the European Parliament, while he served on a committee investigating the very same surveillance technology. According to a report from the Citizen Lab at the University of Toronto, the attacks occurred as Kouloglou helped draft reports on how governments use spyware in contravention of EU law.
Who targeted the European official?
Researchers at the Citizen Lab state they cannot definitively attribute the infection of Kouloglou’s mobile device to a specific government operator. However, the analysis found the hacking campaign shares unique technical hallmarks with a separate effort that targeted Russian and Belarusian journalists and opposition activists living in Europe. The Citizen Lab team identified a unique Apple ID email used in the attacks, suggesting a common operator with the capacity to conduct surveillance in countries including Belgium and Greece.

“When you realise your private life is scrutinised by very bad people, you become angry,” Kouloglou, who is also a journalist and left parliament in 2024, said in an interview. “It’s a big issue having to do with corruption, justice and democracy.”
When was the device compromised?
The first confirmed infection of Kouloglou’s device occurred on 21 October 2022. This period coincided with intense activity within the Pega committee, the special European parliamentary body tasked with investigating the misuse of Pegasus. A second round of hacking took place on 6 and 7 March 2023, as Kouloglou traveled between Athens and Brussels during the final drafting stages of the committee’s report.
The Pegasus Project, which was published after the establishment of the Pega committee in March 2022 by the Guardian and a consortium of media outlets, exposed how NSO Group’s software was being used by various governments to monitor journalists, activists, and politicians globally.
Why does this matter for European security?
John Scott-Railton, a senior researcher at the Citizen Lab, describes the targeting of a Pega committee member as the “ultimate irony” of Europe’s spyware crisis. He warns that the lack of accountability means the problem is likely to persist. According to Scott-Railton, the committee’s recommendations have essentially been ignored, and he suspects other officials may currently be attending high-level meetings with compromised devices without their knowledge.
The “Greek Watergate” connection
The hacking of Kouloglou’s phone coincided with his visit to a hospital for elective surgery, where he was visited by Greek investigative journalist Thanasis Koukakis. Koukakis was a central figure in the “Greek Watergate” scandal, which involved the illegal targeting of more than 80 individuals in Greece, including military officials and journalists. Koukakis had previously provided testimony to the Pega committee regarding his own experience with mercenary spyware.

What is the future of spyware in politics?
The incident involving Kouloglou highlights a widening gap between legislative oversight and the capabilities of private surveillance firms. While the NSO Group sells its software to governments around the world for the purposes of stopping serious crime and terror attacks, the recurring targeting of those investigating these tools suggests a shift toward the surveillance of political actors. As of now, the NSO Group has not responded to requests for comment regarding these specific allegations.
To protect sensitive communications, security experts often recommend using encrypted messaging platforms and frequently updating device software to patch potential vulnerabilities, though sophisticated “zero-click” exploits like those used in Pegasus remain difficult to detect for the average user.
Frequently Asked Questions
What is the Pega committee?
The Pega committee was a special European parliamentary committee established in March 2022 to investigate the scope of how spyware was being used in contravention of EU law.
Has the NSO Group commented on these attacks?
No. The NSO Group did not respond to requests for comment regarding the Citizen Lab report on the targeting of Stelios Kouloglou.
Can Citizen Lab confirm which government is responsible?
No. While researchers linked the attack to a specific operator who also targeted Russian and Belarusian activists, they could not definitively name the government client behind the operation.
Stay informed on the latest developments in digital privacy and European policy. Subscribe to our newsletter for updates on cybersecurity trends and investigative reports.
