Stelios Kouloglou, a former Member of the European Parliament (MEP) who served on the committee investigating Pegasus spyware abuses, was himself repeatedly infected with NSO Group’s Pegasus spyware during his tenure, according to new forensic findings from the Citizen Lab.
The finding marks the first time a PEGA committee member has been publicly identified as a Pegasus victim while actively serving on the inquiry.
Kouloglou served as a substitute member of the European Parliament’s Committee of Inquiry into Pegasus and equivalent surveillance spyware (PEGA Committee) from March 2022 to July 2023. Forensic analysis of his iPhone, conducted after he contacted Citizen Lab in May 2026, revealed his device was compromised at multiple points during the committee’s most sensitive deliberations.
Kouloglou’s device was infected with Pegasus on October 21, 2022, and again on March 6–7, 2023. The first infection used the PWNYOURHOME zero-click exploit, evidenced by a lookup for a HomeKit-linked email address (rauharepo888@gmail.com) followed by Pegasus network activity two minutes later.
MEP Phone Hacked With Pegasus
Apple sent Kouloglou threat notifications on three separate occasions: March 2, 2023, August 29, 2023, and April 10, 2024. He does not recall seeing them.
Both infection dates align precisely with intense periods of PEGA Committee activity, including hearing preparation, draft report circulation, and international delegation visits.
The October 2022 infection occurred ten days before a PEGA delegation trip to Cyprus and Greece that Kouloglou helped plan and personally joined. It also coincided with the committee’s drafting of its first report, much of which was being discussed via text and email among members and staff.
Notably, the exact infection date fell while Kouloglou was hospitalized for elective surgery. That same day, he was visited by Greek investigative journalist Thanasis Koukakis, who had previously testified before PEGA about being targeted with Intellexa’s Predator spyware.
Because the infection occurred during a hospital stay, Citizen Lab notes it’s possible the spyware could have captured confidential medical information, potentially implicating Greek data protection law.
The second infection, in March 2023, occurred while Kouloglou was in Brussels during final negotiations on the committee’s report — and coincided with a separate PEGA-linked delegation visit to Greece by rapporteur Sophie in ‘t Veld.
Citizen Lab stopped short of attributing the hacking to a specific government, explicitly stating it found no evidence the Greek government was responsible and no indication Greece has ever been an NSO Group customer.
Instead, researchers identified an overlap: the same HomeKit-linked email used in Kouloglou’s first infection also appeared in a 2024 joint report with Access Now documenting Pegasus targeting of Russian and Belarusian-speaking exiled journalists and activists across Europe.
Kouloglou is not the first MEP found to have been hacked with mercenary spyware. Catalan MEPs Diana Riba, Jordi Solé, and Carles Puigdemont were previously confirmed Pegasus targets, as was Greek MEP Nikos Androulakis (Predator).
More recently, French MEP Nathalie Loiseau and German MEP Daniel Freund confirmed spyware targeting in 2024. However, Kouloglou is the first PEGA Committee member identified as compromised while actively serving on the inquiry itself.