
A lawmaker who investigated spyware was hacked with Pegasus
- WeThePurple
- News
- 6 min read
Stelios Kouloglou sat on the European Parliament committee that investigated spyware abuse. Researchers say his own phone was hacked with Pegasus. What the case shows about state spyware in Europe, and why it matters for everyone.
A politician who helped investigate spyware abuse has himself been hacked with spyware. According to TechCrunch, security researchers confirmed that Stelios Kouloglou, a Greek former journalist and member of the European Parliament, had his phone infected with Pegasus. The finding turns a spyware investigator into a spyware victim, and it puts the misuse of these tools back in the spotlight.
The investigator became the target

Kouloglou sat on the European Parliament's PEGA committee. That committee was set up to investigate how European governments were using phone spyware. In other words, he was one of the people whose job was to hold spyware abuse to account.
That is what makes the case so striking. According to the reporting, his phone was hacked while he served on the very committee probing these tools. When an investigator into surveillance is placed under surveillance, it raises a hard question about who is really being watched, and by whom.
What Pegasus actually is
Pegasus is spyware made by NSO Group, an Israeli-headquartered company. Once it is on a phone, it can give an operator deep access to that device: messages, calls, photos, location and more. It is sold to government clients, who are supposed to use it against serious crime and terrorism.
- Researchers say MEP Stelios Kouloglou was hacked with Pegasus spyware, per TechCrunch
- He sat on the European Parliament's PEGA committee that investigated spyware abuse
- Pegasus, made by NSO Group, can give deep access to a target's phone
- Citizen Lab did not name a country, but linked the attack to a wider European campaign
- The reused infrastructure implies NSO authorised Pegasus use across several EU states
- Kouloglou says he plans to sue NSO Group
The problem is that the same power is easy to turn on journalists, activists and politicians. This case is one more example of that gap between how the tool is marketed and how it appears to get used in practice.
What the researchers found, and did not
According to TechCrunch, the researchers at Citizen Lab confirmed the Pegasus infection but did not attribute the hack to a specific country. They noted that the government customer used the same Pegasus-linked email address that appeared in an earlier campaign, one that had hacked the phones of journalists across Europe.
According to the same reporting, that reuse implies NSO Group had authorised the use of Pegasus across multiple European countries. In plain terms: the researchers stopped short of naming who did it, but the technical trail points to a customer operating with the maker's approval, and to a pattern that reaches beyond one target.
Kouloglou plans to sue NSO Group
According to TechCrunch, Kouloglou said he plans to sue NSO Group over the hack. A lawsuit would push the question into a courtroom, where the details of who bought and ran the spyware could be tested rather than left to inference.
Why this matters for everyone
You are unlikely to be a personal target of Pegasus, which is expensive and aimed at high-value individuals. The reason this still matters is accountability. If a sitting lawmaker investigating spyware can be hacked with that same spyware, the guardrails meant to keep these tools pointed only at serious criminals are not holding. Keeping your phone and apps updated closes off many lesser threats, but the real fix here is political and legal, not a setting you can toggle.



According to TechCrunch, Kouloglou said he plans to sue NSO Group over the hack. A lawsuit would push the question into a courtroom, where the details of who bought and ran the spyware could be tested rather than left to inference.