European Parliament Member Hacked with Pegasus Spyware While Investigating Spyware Abuses
Researchers at the University of Toronto's Citizen Lab have confirmed that Stelios Kouloglou, a member of the European Parliament, had his phone hacked with Pegasus spyware in 2022 and 2023. This is the first time a member of the Parliament's PEGA committee, which investigates spyware abuses, has been publicly identified as a victim, according to TechCrunch.
The Citizen Lab report, published on Friday, states that Kouloglou was targeted in October 2022 and at least twice in March 2023. The attacks used a 'zero-click' exploit that took advantage of an unpatched flaw in Apple's iPhone software. The exploit allowed attackers to secretly harvest text messages, location data, and photos from Kouloglou's phone.
Kouloglou is a member of the PEGA committee, which was formed to examine the use of spyware in the European Union. The October 2022 breach coincided with intense discussions over email and text ahead of a draft report on spyware abuses in Cyprus, Greece, Hungary, Poland, and Spain.
Kouloglou described the hacking as 'reckless.' A European lawmaker called it a 'direct attack on the rule of law' and urged the European Commission to impose strict limits on spyware use across the bloc. Citizen Lab did not attribute the hack to a specific government but noted that the attacker used a Pegasus-linked email address seen in an earlier campaign against journalists across Europe.
Neither the European Commission nor NSO Group, the Israeli company that sells Pegasus, responded to requests for comment. Kouloglou said he intends to sue NSO Group and is going public 'for democracy, human rights, and the fight against corruption.'