In the summer of 2022, Greek politician Stelios Kouloglou was investigating how intrusive spyware had been used to hack business leaders, law enforcement officials, and politicians. As part of the European Parliament’s PEGA Committee, set up to investigate the use of the notorious Pegasus spyware and other variants, Kouloglou travelled to interview spyware victims and probe high-profile cases. That fall, according to a new forensic analysis, Kouloglou’s iPhone was hacked with the very same Pegasus spyware at the center of the investigations.
News
“I was not expecting that,” Kouloglou, a longtime investigative journalist who served as a member of the European Parliament (MEP) from 2015 to 2024, tells WIRED. He says that when he recently found out his device had been compromised by the powerful spyware, he was shocked and then angry.
“Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus,” he says, “it was something really too reckless.”
First discovered by Citizen Lab in 2016, Pegasus exploits an evolving set of mobile operating system vulnerabilities to infect both iOS and Android devices with malware that can tap microphones and cameras and grab a target’s messages, contact data, web browsing details, photos, or other personal information .
Details
The revelation that Kouloglou’s device was targeted—not once, but multiple times—by the Pegasus spyware, created by Israeli firm NSO Group, was published on Friday by the University of Toronto’s Citizen Lab. The report, which could send shock waves through political circles in Europe, says it is the first time that a member of the PEGA Committee has been identified as having been a victim of the Pegasus spyware while they were working within the group. The researchers say they do not have conclu
John Scott-Railton, a Citizen Lab senior researcher, emphasizes that while the targeting occurred a few years ago, the irony of the episode underscores how endemic—and brazen—spyware targeting has become in the EU and beyond. “It’s open spyware season on Europe’s lawmakers,” he says. “The European Parliament, national parliaments, nobody is prepared.”
NSO, the developer of Pegasus, did not return WIRED’s requests for comment on the findings. NSO was founded in Israel and is still headquartered there, but United States–based investors acquired a majority stake in the company in 2025.
Analysis
The European investigation into the use of Pegasus and other spyware in 2022 was prompted in large part by the Pegasus Project, consisting of research and reporting from more than a dozen media outlets and nongovernment organizations on a huge leak from the NSO Group. The data showed the scale and broad scope of Pegasus use around the world, with at least 180 journalists among those reportedly targeted by the spyware. NSO Group disputed the findings. Around the same time, Greece was also rocked
Researchers noted at the time that the Pegasus Project showed the need for public-private collaboration and concerted policy efforts to comprehensively address misuse of spyware. Technological protections alone cannot address the issue, many concluded.
The Citizen Lab report about targeting within the PEGA Committee demonstrates this, too. “The use of spyware not only violates the fundamental rights of the individuals concerned, but in this case also threatens the security and integrity of parliamentary work and of the European Parliament as a whole,” MEP Saskia Bricmont, a member of the PEGA Committee, told WIRED in a statement. “It is a direct attack on the rule of law.”
Stay informed with the latest news on Wararka.so — your trusted source for Somalia and world news.

