EU Lawmaker Hacked by Israeli Spyware

EU-Abgeordneter von israelischer Spyware gehackt
Credit: Reuters

A revealing new spyware case has intensified Europe’s already fraught debate over unlawful surveillance, democratic accountability, and the limits of political oversight. Stelios Kouloglou, a former Greek member of the European Parliament who served on the committee investigating abusive spyware practices, was himself hacked with Pegasus, the Israeli-made surveillance tool linked to NSO Group. The case is significant not only because of who was targeted, but because the target was part of the very institution trying to expose such abuse.

This report comes amidst the backdrop of spyware controversy having rocked the political standing of the European Union. Based on the analysis conducted by Citizen Lab, Kouloglou’s phone had been compromised at least thrice before, in October 2022 and March 2023, when he was working on the PEGA committee. The committee was established to look into the misuse of Pegasus and related software in Europe. It therefore becomes more than symbolic since it is the investigator who turns out to be under investigation. What is more disturbing in the present case is the convergence between institutional inquiry and digital surveillance. As per the report about the analysis, the attacks had been found out following forensics done on the phone, and the spyware identified to be in use was none other than Pegasus.

Why this case matters

The Pegasus case involving Kouloglou is not just another spyware incident. It is a direct challenge to the ability of democratic institutions to police unlawful surveillance when those institutions themselves can be compromised. In practical terms, it raises the question of whether lawmakers, journalists, activists, and investigators can ever safely probe state or private surveillance abuses if they are exposed to the same tools they are trying to regulate.

This background information is very relevant. There have been numerous instances where Pegasus has been associated with attacks on journalists, attorneys, human rights activists, opponents of the regime, and government officials. In this instance, it was an attack on a former MEP and journalist who was working within the internal structure of European Parliament. This by itself is an indication of the political implications that this issue will have. The reason is that such an allegation indicates a deterrent effect that goes beyond compromising of one cell phone. Such an effect can undermine investigation procedures and can even normalize surveillance as a means of fighting against political accountability. The fact that there are such allegations that involve members of a committee which was formed to fight against abuse of spyware indicates how threatening the situation is for the credibility of the organizations in charge of protecting the right to privacy in Europe.

What the investigation found

The Citizen Lab, which is a digital rights research institute associated with the University of Toronto, found evidence of infections with Kouloglou’s device at least thrice. According to the report, the first infection took place in October 2022, while other attacks took place in March 2023. This chronology of events is significant since it indicates continuity of the attacks rather than any single incident. Multiple infections would mean there was ongoing interest in targeting him through surveillance. According to reports, the malware Pegasus has been identified in these incidents. Pegasus is among the most notorious spyware ever uncovered and it is characterized by sophisticated attacks that work even when there is minimal or no engagement by the victim. Reports have stated that this particular incident was achieved using a zero-click attack strategy, which means that the victim did not have to click on any link for the infection to take place.

The investigation also stated that no public evidence pointed to the Greek government as the operator. That caution matters. Technical attribution in spyware cases is notoriously difficult, and researchers often avoid drawing political conclusions beyond what the forensic data can support. Even so, the absence of a named perpetrator does not reduce the seriousness of the case. Instead, it highlights the opacity of the spyware market and the difficulty of assigning responsibility once such tools are deployed.

The broader Pegasus problem

Pegasus is developed by Israel’s NSO Group and has been at the center of a global scandal involving covert digital surveillance. It has been accused of enabling abuse far beyond legitimate law-enforcement purposes. Critics say the tool has repeatedly been used against people who pose political inconvenience rather than security threats. That has made Pegasus a global shorthand for the abuse of commercial spyware.

In Europe, the controversy around Pegasus has proven destabilizing, as the issue transcends political party divides as well as borders. EU institutions, national authorities, and civil rights organizations have been under pressure to account for how the use of such tools was allowed, how it occurred, and what measures had been implemented for the acquisition and use of spyware. This is precisely why the PEGA committee came into existence. It is responsible for analyzing illegal surveillance and the extent of abuse, making suggestions for reform.

The case also illustrates a structural problem: spyware is not just a technology issue, it is a governance issue. Once such tools are available in the market, their use can spread into zones where legal controls are weak, oversight is fragmented, and accountability is slow. Even when governments claim they use surveillance tools only for legitimate law-enforcement purposes, repeated scandals have shown how easily those tools can be repurposed or abused.

Kouloglou’s political significance

Stelios Kouloglou is not a random victim. He is a Greek journalist and former member of the European Parliament who served from 2015 to 2024. His background matters because it places him at the intersection of media, politics, and accountability. As a journalist, he is familiar with the risks of surveillance. As an MEP, he had access to the institutional process that was meant to confront such risks.

That combination gives the case additional weight. It signals that spyware is not reserved for dissidents in authoritarian states; it can reach into the ranks of European lawmakers and investigative figures. The fact that Kouloglou was targeted during his role in a parliamentary inquiry makes the attack feel especially targeted, as though the surveillance system was responding to scrutiny itself.

This is why the case has important ramifications for democracy in Europe. If the individuals investigating the use of spyware are themselves vulnerable to such intrusion, there is a dangerous blurring of the line between observer and victim. There is also the question of whether other participants in the investigation are equally under threat without their identities being made public. Without even going into other instances, the Kouloglou affair is enough to make political institutions look one step behind.

Statements and implications

Citizen Lab’s findings effectively frame the incident as an example of surveillance boomerang, where the tools exposed by oversight bodies are turned back on those bodies. The researchers said the infection pattern matched prior campaigns against exiled Russian and Belarusian journalists and activists in Europe, suggesting that the targeting may fit a wider operational pattern rather than a single isolated event.

According to a Reuters report, the identity of the victim was that of an ex-MEP, who sat on a committee which had been set up to look into issues of intrusive surveillance. This is a critical aspect of the story since it helps to bring out the irony of this story. This is because what is being talked about here goes beyond hacking of phones to more fundamental issues relating to democratic oversight mechanisms.

A useful reading of the case is that it exposes a trust deficit. Citizens are being asked to believe that surveillance powers are used responsibly, but the recurring Pegasus scandals tell a different story. Each new incident adds to a growing archive of evidence that commercial spyware is difficult to contain once it enters the political ecosystem. That makes reform harder, not easier, because every controversy deepens the perception that oversight arrives too late.

Picture of Research Staff

Research Staff

Sign up for our Newsletter