New findings have added a troubling twist to Europe's long-running spyware scandal, with digital forensic evidence indicating former member of the European Parliament that Greek journalist and Stelios Kouloglou was targeted by the Pegasus surveillance software while serving on the European Parliament's inquiry into the misuse of spyware by EU member states.
According to an investigation by the University of Toronto's Citizen Lab, one of the world's leading digital rights research centres, Kouloglou's mobile phone was infected at least twice with Pegasus, the sophisticated spyware developed by the Israeli company NSO Group. Once installed, Pegasus can give its operator near-total access to a target's device, including messages, calls, photographs and even the phone's microphone and camera.
The timing of the infections has heightened concerns in Brussels. Both incidents coincided with critical moments in the work of the European Parliament's PEGA committee, which was established to investigate allegations that governments across the EU had deployed commercial spyware against journalists, politicians and civil society figures.
Citizen Lab said there was a possibility that whoever controlled the spyware gained access to non-public information related to the committee's work, raising questions about the confidentiality of parliamentary proceedings and the integrity of European democratic institutions.
The first confirmed infection occurred on 21 October 2022, as the PEGA committee was preparing hearings on the use of spyware and finalising the first draft of its report. At the same time, committee members were planning fact-finding visits to Greece and Cyprus, two countries that had become central to the Parliament's investigations into surveillance abuses.
The second infection took place on 6 and 7 March 2023, as the committee was preparing its final report. During the same period, another European Parliament committee, LIBE, was conducting meetings in Greece concerning the Predator spyware scandal and allegations of illegal surveillance.
Citizen Lab said the attacks were carried out using so-called "zero-click" techniques, allowing the device to be compromised without the user opening a link, downloading a file or taking any action at all.
The researchers stopped short of attributing responsibility to any specific government and said they had found no evidence implicating the Greek authorities. However, they identified similarities with Pegasus attacks against Russian and Belarusian journalists and activists in Europe, suggesting the involvement of an NSO client capable of conducting surveillance operations across multiple European countries.
Kouloglou said he was shocked to discover that he had been targeted, describing it as inconceivable that a member of the parliamentary committee investigating spyware abuses could himself have been subjected to surveillance.
The case, he argued, exposed a broader climate of impunity surrounding illegal spying in Europe.
The former MEP said he intends to pursue legal action against NSO Group and against those responsible for infecting his phone. He also plans to raise the issue again within the European Parliament through contacts in Brussels.
The revelations have prompted fresh concern within the Parliament itself. Members of the PEGA committee have described the incident as a direct threat to European democracy and renewed calls for stronger oversight and accountability mechanisms governing the use of commercial spyware.
Some lawmakers fear that Kouloglou's case may be only "the tip of the iceberg", with the full extent of surveillance targeting individuals within European institutions still unknown.




























