Overview
- The University of Toronto’s Citizen Lab published a forensic report on July 3 confirming Pegasus spyware on the phone of Stelios Kouloglou, a substitute member of the European Parliament’s PEGA committee, and said this is the first public case of a sitting committee member being a confirmed victim.
- Citizen Lab found Kouloglou’s device was infected at least twice during the inquiry, with incidents tied to October 21, 2022 and March 6–7, 2023, and identified the intrusion method as a zero-click HomeKit exploit later patched by Apple.
- Investigators linked the attacks to operational signals used in earlier Pegasus campaigns, notably reuse of a Pegasus-linked email address and overlap with campaigns against Russian- and Belarusian-speaking exiles, but they did not publicly attribute the operation to any specific state.
- The report warns the hacks could have exposed confidential PEGA deliberations and staff communications; Kouloglou said he will seek legal action against NSO Group and the European Parliament says it offers spyware scans and monitors threats for members.
- MEPs and digital-rights experts say the case underscores persistent gaps in EU protections and is renewing urgent calls to implement PEGA recommendations, tighten export and vendor controls, and create stronger remedies for victims.