Politician who investigated spyware abuses had his phone hacked with Pegasus

impish92082 pts0 comments

Politician who investigated spyware abuses had his phone hacked with Pegasus spyware | TechCrunch

SearchSubmit

Site Search Toggle

Mega Menu Toggle

Topics

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

Staff

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Image Credits: Thierry Monasse / Getty Images

Security

Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

Zack Whittaker

10:05 PM PDT · July 2, 2026

Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reigniting fresh controversy over governments abusing spyware to collect information about their critics.

The researchers at the University of Toronto’s digital rights unit The Citizen Lab say the confirmed phone hacking of Greek journalist and former politician Stelios Kouloglou during 2022 and 2023 marks the first time that a member of the European Parliament’s PEGA committee, tasked with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware.

Kouloglou told TechCrunch in a phone call that the deliberate compromise of his phone was "reckless." One serving European lawmaker described the hacking of Kouloglou’s phone as a "direct attack on the rule of law," and called on the European Commission to take concrete action by imposing strict limits on the use of spyware across the 27 member-state bloc.

While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by way of the very spyware under his investigation suggests an intense focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open fresh questions about how governments use spyware ostensibly needed for identifying serious crime, but then caught spying on the communications of journalists, lawmakers, and critics.

Citizen Lab’s researchers did not attribute the phone hacking to a specific country, but said that the government customer used the same Pegasus-loaded email address that was used in a previous campaign that hacked into the phones of journalists across Europe. The customer’s identity is not known, but the reuse of the same attacking email address implies that the customer had NSO Group’s authorization to use its Pegasus spyware to snoop on phones across multiple countries in Europe.

A spokesperson for the European Commission did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment about the Citizen Lab report prior to publication.

In its report out Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a security vulnerability in Apple’s iPhone software. This vulnerability had been patched but the fix was not yet installed on Kouloglou’s phone. The exploit was a "zero-click" bug, meaning the spyware broke in and stole his data without needing any interaction on his part.

The bug abused a previously discovered flaw in Apple’s smart home software used in iPhones. It allowed the spyware to grab private data from Kouloglou’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.

The timing of the October 2022 hack coincides with intense discussions over email and text message throughout October and November 2022, ahead of the delivery of a first draft describing spyware abuses focusing in Cyprus, Greece, Hungary, Poland, and Spain.

The hack also lines up at the exact time that Kouloglou was in the hospital at the time for a pre-scheduled surgery, which may have allowed the spyware operators to listen in to ambient audio discussing his healthcare or other conversations he had with visitors at the time.

Months later on March 6 and 7, Citizen Lab said Kouloglou’s phone was hacked again by the same Pegasus operator while Kouloglou traveled from Athens to Brussels, during a period of committee hearings and months prior to the committee finalizing and adopting their written draft report.

In a call, Kouloglou told TechCrunch that he didn’t know why he was specifically targeted but that he believes it was due to his work on the European Parliament’s committee investigating Pegasus abuses.

He described anger when he learned that his phone had been hacked.

"You realize that all of your personal data [was taken] — not all the professional exchanges or messages with ministers — but...

spyware phone kouloglou hacked pegasus european

Related Articles