The mobile phone of a Greek politician was repeatedly hacked by spyware while he was working on a European Parliament investigation into sellers of the surveillance technology, new research has found.
Stelios Kouloglou, a journalist and former member of the European Parliament, had his iPhone compromised by spyware manufactured by the Israeli company NSO Group on at least two occasions between 2022 and 2023, according to a report published on July 3 by the University of Toronto’s digital watchdog group Citizen Lab.
Representatives for NSO Group didn’t respond to requests for comment.
NSO sells its spyware, known as "Pegasus,” exclusively to governments and law enforcement agencies, and it is intended to be used to monitor terrorists and other serious criminals. The technology allows authorities to remotely hack into mobile phones and eavesdrop on phone calls, private messages and make copies of data stored on a device.
However, Pegasus has repeatedly been deployed by governments to target journalists, activists and political opponents, according to researchers and media reports.
At the time he was hacked, Kouloglou was working on the European Parliament’s PEGA Committee, which was established to scrutinise the trade in NSO’s Pegasus and other surveillance technologies used by governments. The committee’s report concluded in 2023 that such technologies posed a "threat to democracy and fundamental rights” and called for tougher regulation on how they could be used and sold within the European Union.
Kouloglou said in an interview that his phone had contained communications with Greece’s former prime minister, Alexis Tsipras, in addition to private medical information and journalistic contacts.
He said he wasn’t sure which government might have targeted him with NSO’s spyware. "I’ll do my best to find out who is responsible,” he said.
Citizen Lab’s report doesn’t identify who may have used the spyware to target Kouloglou. But the group found evidence suggesting the same entity that hacked the Greek politician had also targeted a group of seven Russian and Belarusian-speaking independent journalists and opposition activists based in Europe.
In at least one of the hacks targeting Kouloglou, the NSO spyware compromised his iPhone by using what’s known as a zero-click exploit, according to Citizen Lab. That means his device was silently compromised without him clicking on any malicious link. Such methods are among the most sophisticated – and costly – known ways to hack into mobile devices.
Several European members of parliament have previously been targeted by NSO’s spyware, including four Catalan lawmakers between 2019 and 2020 and a French representative in 2023. But the targeting of Kouloglou represents the first known incident in which a serving member of the PEGA committee was hacked.
John Scott-Railton, a senior researcher with Citizen Lab, said the case highlighted that the European Union’s executive body, the European Commission, needed to take stronger action to counter spyware on the continent.
"This case is the ultimate irony of Europe’s spyware crisis,” said Scott-Railton. "Someone on the very committee tasked with investigating Pegasus gets infected by it. And what has happened since? The committee’s recommendations have been ignored.”
Antoine Lomba, a spokesperson for the European Commission, said in an emailed statement that the commission was "working to address the illegal use of spyware from various angles of EU law.”
"The Commission’s position is very clear: Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable,” he said. "This is a complex issue and it must be addressed comprehensively. Some of the challenges have already been addressed through legislation. Others are addressed through non-legislative tools.”
Sophie in 't Veld, a Dutch former member of the European Parliament who served as rapporteur for the PEGA committee, said she didn’t view the targeting of Kouloglou as an isolated incident but rather "part of a system” of attacks.
"For five years now there has been complete impunity for the abuse of spyware,” she said. "There have been absolutely zero consequences. The scandal is nobody is lifting a finger to end this.” – Bloomberg
