Pegasus Spyware Found on EU Parliament Investigator's Phone
Citizen Lab found Pegasus spyware on MEP Stelios Kouloglou's phone during spyware probes.
Why it matters: This incident exposes the vulnerability of political figures to sophisticated spyware attacks even as they investigate these abuses, highlighting urgent cybersecurity and legal privacy challenges.
- Citizen Lab discovered Pegasus spyware on Stelios Kouloglou’s phone during an investigation into spyware abuses in Europe.
- The European Parliament formed the 38-member PEGA Committee in March 2022 to probe Pegasus and similar spyware within EU states.
- The PEGA Committee’s 145-page final report, adopted in March 2023, detailed spyware misuse against journalists, politicians, and civil society, calling for stricter oversight.
- Prior to PEGA, four Catalan MEPs were targeted by Pegasus between 2019 and 2020, showing a broader pattern of spyware use against politicians.
Citizen Lab revealed that Pegasus spyware was found on the phone of Stelios Kouloglou, a Member of the European Parliament (MEP) actively investigating abuses of Pegasus spyware in Europe. Kouloglou called the attack "a direct attack on the rule of law." This discovery signals an alarming escalation where those scrutinizing spyware use are themselves targets.
In response to widespread concerns about spyware misuse, the European Parliament established the PEGA Committee in March 2022. Composed of 38 members with a potentially extended term of office, PEGA was tasked with investigating the use of Pegasus and equivalent surveillance spyware in EU member states. The committee’s final report, adopted in March 2023 and spanning 145 pages, documented extensive misuse of spyware targeting journalists, politicians, and civil society actors across Europe. It emphasized the need for stronger regulations and oversight to prevent such abuses.
Jeroen Lenaers, Chair of the PEGA Committee, highlighted the democratic threat posed by these spyware attacks, noting "many cases where innocent people such as journalists and lawyers have been targeted by spyware, and this is a huge problem for democracy and the rule of law." Prior incidents also revealed that four Catalan MEPs were targeted with Pegasus between 2019 and 2020.
This episode underscores the persistent cybersecurity risks political and legal actors face. The identity of those deploying the spyware on Kouloglou’s phone remains unknown, reflecting the opaque nature of this threat. The personal targeting of a committee member investigating Pegasus intensifies concerns about the challenges in safeguarding legal and political integrity from invasive surveillance technologies.
By the numbers:
- 38 members — size of the PEGA Committee formed to investigate Pegasus spyware
- 145 pages — length of the PEGA Committee's final report adopted in March 2023
- 2019-2020 — years when four Catalan MEPs were previously targeted with Pegasus spyware
What's next: The European Parliament may consider tougher legal frameworks and enhanced cybersecurity measures for elected officials following the PEGA Committee findings.