Device of MEP investigating spyware abuse found to be infected with spyware
"Joint Statement: Pegasus in the parliament, the EU must act now" 3 July 2026
On 3 July, 2026, a forensic analysis by the Citizen Lab revealed that Stelios Kouloglou, former Member of the European Parliament and investigative journalist, was targeted and infected with Pegasus spyware, developed by NSO Group,on or around October 21, 2022, and again on March 6 and 7, 2023. At the time, Kouloglou was serving as a substitute member of the Parliament’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA Committee).
This revelation is especially alarming because of the specific institutional context in which the targeting occurred. A member of the very committee mandated to investigate spyware abuse in Europe was targeted during key moments of that inquiry, which raises grave concerns about the integrity of parliamentary oversight, the protection of independent institutions in line with separation of powers, and the ability of elected representatives to scrutinize state surveillance without intimidation or interference as part of a legitimate exercise of their duties...
...Nearly three years after the PEGA Committee adopted its report and recommendations, the European Union has failed to deliver a meaningful, EU-wide response to the proliferation and abuse of commercial spyware. Since then, the EU and Member States have been involved in repeated scandals: besides the spyware use against exiled journalists and activists in Latvia, Lithuania, and Poland; there was also the targeting of the President of the European Parliament with Predator spyware; the use of Graphite spyware in Italy against humanitarian workers and journalists; EU public money flowing to spyware companies; as well as a lack of enforcement of the dual-use regulation resulting in continued exports of surveillance technology from the EU to countries with serious records of human rights violations...
...This latest revelation should be treated as a rule of law emergency, threatening the very foundations of our society...
We therefore call on:
- ...The European Commission to strengthen enforcement of the EU Dual-Use Regulation and ensure that the upcoming evaluation of the Regulation fully reflects the findings of the PEGA Committee and subsequent spyware revelations; includes a comprehensive fundamental rights impact assessment; and is conducted with meaningful participation of civil society;
- Ensure that EU funds do not support companies involved in the development, sale, or deployment of spyware...
Additional notes from The Citizen Lab report:
...This is the first time a member of the PEGA Committee has been publicly identified as a victim of Pegasus spyware while serving on the Committee...
...While we assess with high confidence that Kouloglou was targeted and infected with NSO Group’s Pegasus mercenary spyware, we are not attributing these investigations to a specific NSO Group customer...
...We further note that infections appear to have been present on his phone in at least two European jurisdictions (We further note that infections appear to have been present on his phone in at least two European jurisdictions (Greece and Belgium). Based on what we know of NSO Group’s licensing, this would likely indicate that the customer had a license that enabled infections in multiple EU jurisdictions, narrowing the list of potential Pegasus operators that could be responsible for this case...
According to Techcrunch, NSO Group did not respond to a request for comment about the Citizen Lab report.