Cybercrime as-a-service,
Cyberwarfare / Nation-State Attacks,
Endpoint Security
Members of European Parliament Seek Fresh Spyware Probe Following Revelations

Recent developments have prompted a renewed call for an investigation into spyware activities within the European Parliament. Lawmakers are reacting to revelations that a member of the Parliament’s committee investigating the Pegasus mobile device hacking software, Stelios Kouloglou, was himself a target of the same surveillance tool. This incident has raised serious concerns regarding the security protocols in place for members of the Parliament.
A detailed report from the University of Toronto’s Citizen Lab has shed light on Kouloglou’s hacking ordeal. The MEP, known for his leftist views and an active participant in the PEGA Committee, became a target while the committee was actively engaged in investigating how the Israeli-based NSO Group’s Pegasus software was utilized globally to monitor dissidents, journalists, and various other individuals. This committee was established in March 2022, following the alarming disclosures made in 2021 about the rampant abuse of such surveillance technologies.
This marks the first confirmed instance of a PEGA Committee member being targeted using Pegasus, although other MEPs, such as France’s Nathalie Loiseau and Bulgaria’s Elena Yoncheva, have also reportedly been victims of this spyware. Citizen Lab’s findings emerged after Kouloglou reached out to their researchers in May, expressing concern about potential hacking of his smartphone. Their subsequent analysis confirmed what he feared: his device had indeed been compromised on two distinct occasions—October 21, 2022, and once more in early March 2023. Investigators linked these attacks to the notorious PWNYOURHOME zero-click exploit, which requires no interaction from the targeted user to infiltrate the device.
“The infection mechanism seemed to involve the attacker sending a meticulously crafted NSKeyedArchive that found its way into HomeKit, followed by further malicious content directed at MessagesBlastDoorService,” the researchers reported. They discussed the timeline of Apple’s patches, indicating that certain vulnerabilities were addressed in updates released in late 2022 and early 2023, but not before Kouloglou’s device was compromised.
Despite receiving multiple notifications from Apple regarding potential risks of spyware attacks, Kouloglou did not recall seeing these alerts. Although his immediate response to queries from ISMG was not available, he did express intentions to pursue legal action against NSO Group, indicating the gravity of his situation.
Notably, the timing of the spyware infections appears to coincide with crucial phases of the PEGA Committee’s discussions about their draft report and significant hearings, raising concerns about the potential influence of the hacking on their deliberations. Kouloglou was also preparing for a planned trip to Greece—an EU nation that has been implicated in spyware misuse—during this period. This connection deepens the intrigue surrounding the incident, as questions loom over which entities might have orchestrated these attacks.
However, researchers indicated no direct evidence linking the Greek government to the NSO Group or the use of Pegasus. Instead, the hacking may have stemmed from group targeting of independent journalists and activists in Russian and Belarusian contexts, highlighting the broader networks of international surveillance.
Calls for Probe
As a result of these revelations, Citizen Lab has urged the European Parliament for immediate inquiries concerning Kouloglou’s hacking experiences. The researchers emphasized the swift need for investigation to secure any forensic evidence that may dissipate over time. They also suggested the European Parliament bolster its current optional spyware screening protocols, aiming for improved efficacy and transparency regarding the results of such screenings.
In a swift reaction to these disturbing developments, spokespeople representing various political factions within the European Parliament have voiced the urgent need for a comprehensive response. Alex Johnson, a member of the Greens/EFA group, stressed the necessity of a plenary debate on the matter and indicated plans to table the issue in the upcoming week.
Johnson pointed out that many of the recommendations from the PEGA Committee—designed to impose stricter limitations on the authorization and deployment of spyware—have yet to be fully realized. They are advocating for enhanced governmental oversight and regulatory frameworks surrounding spyware usage, as well as better legal recourse for targeted individuals.
Meanwhile, other lawmakers, such as Thomas Shannon from The Left, lamented that efforts to combat spyware are stagnating compared to U.S. actions, which include sanctions against specific spyware companies. Concerns have been echoed across the European political spectrum, including statements from Renew Europe’s Linda Aziz-Rohlje, who conveyed deep worries regarding the implications stemming from the recent discoveries.
In response to these concerns, European Parliament spokesperson Delphine Colard emphasized the institution’s commitment to offering spyware screening to its members, noting ongoing initiatives to extend these screenings to all devices utilized for parliamentary functions. However, additional specifics regarding enhanced cybersecurity measures remain undisclosed, leaving many questions unanswered as lawmakers prepare for what may be a pivotal discussion in the weeks ahead.