"It is ironic that a member of the committee charged with investigating Pegasus was himself targeted with Pegasus spyware," Ron Deibert, founder and director of Citizen Lab, told CyberScoop after his team disclosed the infection of a member of the European Parliament’s PEGA Committee.
Citizen Lab’s report on Stelios Kouloglou
The University of Toronto’s Citizen Lab published a report, released Friday, that identified Pegasus spyware on the phone of substitute PEGA Committee member Stelios Kouloglou, a Greek journalist and former member of the European Parliament. Citizen Lab concluded with "high confidence" that Kouloglou’s device was infected twice: once around October 2022 and again around March 2023. According to the report, this is the first time a member of the PEGA Committee has been publicly identified as a Pegasus victim.
Two infections during key committee work
Citizen Lab’s timeline places both infections at politically sensitive moments. The first infection occurred as the committee prepared for prominent hearings and the first draft of its report in late 2022; Kouloglou was in hospital at the time and received a visit from a Greek journalist who had testified before the committee and previously had his phone infected. The second infection coincided with intense discussions related to the final drafting process in March 2023. Citizen Lab noted that, given Pegasus’s ability to capture audio through an infected phone, the first incident raised the possibility that protected health information may have been exposed.
How the investigation unfolded
Citizen Lab’s analysis began in May when Kouloglou, prompted by a lawyer he knew, sent his phone’s data to the research organization while he was doing investigative reporting and writing a "scandal of the week" column. "I said, 'Why not? Let’s do it,'" Kouloglou told CyberScoop about agreeing to the tests. The investigation did not attribute responsibility for the infections; Citizen Lab’s statement framed the case as evidence of the risks posed by "the still unregulated and highly abused mercenary spyware industry."
Hannah Neumann, John Scott‑Railton, and the parliamentary response
Hannah Neumann, a PEGA Committee member and member of the European Parliament from Germany, said many on the committee had expected hacking attempts but found it frustrating to confirm one had occurred. Neumann described internal efforts to protect the committee: "When we decided to set up the Pega Committee, we really worked hard with our internal European Parliament IT security… so that they can provide spyware checks for the members of the Pega Committee and their staff." She urged enactment of the committee’s recommendations, saying, "I don't know how much more it needs for member states and the commission to wake up and actually start implementing the very good recommendations of our PEGA committee."
John Scott‑Railton, senior researcher at Citizen Lab, warned that Kouloglou "almost certainly won’t be the last member of parliament to get infected," adding, "I can tell you how the next chapter will go: more hacked Parliamentarians. In fact, I suspect there are members voting and attending high level meetings with no idea that their phone has been turned into a spy in their pocket."
What this means for members of parliament, Citizen Lab, and NSO Group
- Members of parliament: Kouloglou and Neumann both urged regular device checks; Neumann highlighted the European Parliament’s internal IT security checks for PEGA members and staff and stressed the need to implement the committee’s recommendations rather than convene another committee.
- Citizen Lab and researchers: The report reinforces Citizen Lab’s long-standing framing of mercenary spyware as a democratic risk and motivates further forensic scanning of devices when victims are able to provide data, as happened in May in this case.
- NSO Group: Kouloglou said he plans to pursue legal action against NSO Group. The report noted that Israel‑based NSO Group did not respond to a request for comment Thursday afternoon.
PEGA recommendations and the push for action
The PEGA Committee investigated spyware abuses across the European Union in 2022 and 2023 following journalistic revelations about government deployment of NSO Group’s Pegasus technology. Members of the committee and Citizen Lab framed Kouloglou’s infection as further evidence that the "mercenary spyware industry" threatens parliamentary privilege and democratic processes. Neumann’s call was direct: enact the PEGA Committee’s final report recommendations. Kouloglou’s stated intention to pursue legal action against NSO Group and the lack of a response from NSO underscore the legal and political dimensions now converging on the question of how the EU and member states will move from investigation to enforcement.
The Citizen Lab finding answers a question none of the committee members wanted—the invader may have been bold enough to target the body charged with exposing abuse. What follows now is a matter the committee warned about in its own work: whether elected institutions and governments will convert exposure into concrete policy and legal steps to curb the use and resale of highly secretive surveillance tools.
Source: CyberScoop — Someone infected a spyware probe overseer with spyware




